Lucene search

12 matches found

Snyk
added 2026/06/10 9:45 a.m., 4 views

Origin Validation Error

Overview: Affected versions of this package are vulnerable to Origin Validation Error due to the improper matching of the query destination address and port with the response source address and port when Idns is used in applications as stub resolver over UDP. Remediation: A fix was pushed into the...

CVSS 8.2 | AI score 5.8 | EPSS 0.00147
Exploits: 0 | References: 2
Snyk
added 2026/05/14 3:23 p.m., 9 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the CREATE TYPE process. An attacker can execute arbitrary SQL functions of their choice by hijacking queries that use searchpath to locate user-defined types, including those defined by extensions. Remediation...

CVSS 5.4 | AI score 6.3 | EPSS 0.00159
Exploits: 0 | References: 2
Snyk
added 2026/05/12 5:22 p.m., 11 views

Improper Authentication

Overview: tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authentication when DIGEST authentication is configured. An attacker can gain unauthorized access by providing any...

CVSS 9.8 | AI score 5.8 | EPSS 0.01233
Exploits: 1 | References: 2
Snyk
added 2026/04/13 10:11 p.m., 5 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow when parsing XML files. An attacker can cause a denial of service by providing a specially crafted XML file that triggers a heap buffer overflow. Remediation: A fix was pushed into the master branch but not yet...

CVSS 6.9 | AI score 6 | EPSS 0.00428
Exploits: 0 | References: 2
Snyk
added 2026/03/31 1:41 p.m., 3 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the gdkpixbufjpegimageload function of the JPEG image loader. An attacker can cause application crashes and disrupt service availability by submitting a specially crafted JPEG image that triggers improper...

CVSS 8.7 | AI score 7.2 | EPSS 0.01069
Exploits: 1 | References: 2
Snyk
added 2026/03/18 12:42 a.m., 3 views

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the GroupEventJsonView endpoint. An attacker can access event data belonging to other organizations by specifying identifiers for resources outside their authorized scope. Note: This...

CVSS 7.1 | AI score 5.8 | EPSS 0.00241
Exploits: 1 | References: 3
Snyk
added 2026/02/13 6:58 p.m., 5 views

Off-by-one Error

Overview: Affected versions of this package (bacnet-stack) are vulnerable to Off-by-one Error via the tokenizerstring function. An attacker can cause a crash by providing a string literal longer than the buffer limit, which leads to a stack overflow when the function incorrectly writes a...

CVSS 6.8 | AI score 5.8 | EPSS 0.0024
Exploits: 1 | References: 2
Snyk
added 2025/08/13 9:52 a.m., 7 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1...

CVSS 6.3 | AI score 6.8 | EPSS 0.0043
Exploits: 0 | References: 2
Snyk
added 2025/04/18 12:0 a.m., 1 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the improper verification of SignatureValue within SignerInfo. An attacker can manipulate the integrity of signed data by crafting a malicious signature that bypasses validation...

CVSS 9.1 | AI score 4.7 | EPSS 0.00092
Exploits: 0 | References: 2
Snyk
added 2025/02/19 11:15 p.m., 5 views

Heap-based Buffer Overflow

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Heap-based Buffer Overflow in v8, when processing a very large number of parameters. Remediation: A fix was...

CVSS 8.8 | AI score 6.8 | EPSS 0.00648
Exploits: 0 | References: 2
Snyk
added 2024/10/09 6:46 a.m., 2 views

Improper Handling of Exceptional Conditions

Overview: Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions due to an invalid parse of the title in the vector-intro-page message. Remediation: A fix was pushed into the master branch but not yet published. References: Gerrit Wikimedia, GitHub Commit ...

CVSS 6.9 | AI score 6.9 | EPSS 0.00263
Exploits: 0 | References: 2
Snyk
added 2023/07/19 12:0 a.m., 3 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection. The PKCS11 feature in ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Note: This issue exists...

CVSS 9.8 | AI score 9 | EPSS 0.76768
Exploits: 13 | References: 2