Lucene search
K

31 matches found

Snyk
Snyk
added 2026/06/09 9:59 p.m.11 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the handleTokenExchange function. An attacker can gain unauthorized access to restricted resources by exploiting the lack of enforcement of allowed connectors when exchanging tokens. This is only exploitable i...

8.7CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/05/14 3:22 p.m.9 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the pgcreatesubscriber process. An attacker can execute arbitrary SQL commands with superuser privileges by supplying a crafted subscription name. Remediation A fix was pushed into the master branch but not yet...

7.2CVSS6.1AI score0.00287EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 7:7 p.m.7 views

Arbitrary Code Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Arbitrary Code Injection through the autoEvalCodeOnHTML process. An attacker can execute arbitrary JavaScript code in the browser context of any logged-in user by...

7.2CVSS6.1AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 12:26 p.m.8 views

Interpretation Conflict

Overview org.webjars.npm:fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict during the decoding of URL host component. An attacker can manipulate the authority component of a URI by supplying percent-encoded delimiters,...

8.7CVSS5.8AI score0.00475EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 6:51 p.m.6 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the JP2 encoder when an invalid sampling index is specified. An attacker can cause a denial of service by providing a specially crafted input file. Remediation A fix was pushed into the master branch but not yet...

6.8CVSS5.7AI score0.00189EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/09 7:10 p.m.3 views

Incomplete List of Disallowed Inputs

Overview org.webjars.npm:unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the hasDangerousProtocol function though the usage of HtmlEntityHex and HtmlEntityDec RegExp. An attacker can inject malicio...

6.1CVSS5.8AI score0.00285EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 7:10 p.m.3 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the client monitoring message handler due to insufficient validation of the queue name supplied by the client. An attacker can execute arbitrary code on the server by sending a crafted...

8.5CVSS6.2AI score0.0046EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 10:7 a.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the doCertificateUpdate handler in certificates.go. An attacker can change the type of an existing certificate by sending a certificate update reques...

9.6CVSS5.4AI score0.00274EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/09 1:23 a.m.7 views

CVE-2026-22711

Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension allows Cross-Site Scripting XSS.The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45...

6.9CVSS5.8AI score0.00293EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/04 6:16 a.m.1 views

Information Exposure

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Information Exposure via the install/test.php script when the command-line interface guard is disabled. An attacker can access sensitive information such as viewer...

6.9CVSS5.8AI score0.00332EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/01 12:0 a.m.6 views

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard in the mbedtlssslconfsigalgs function. An attacker can reduce the security strength of cryptographic operations by forcing the use of weaker algorithms, which may result in information...

6.9CVSS5.8AI score0.00135EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 11:50 p.m.4 views

Replay Attack

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Replay Attack in the webhook-security.ts process. An attacker can bypass replay protection by capturing a valid signed webhook and resending it with reordered query parameters, there...

8.2CVSS5.9AI score0.00149EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 8:10 p.m.3 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write while decoding header names. An attacker can achieve memory corruption and potentially execute arbitrary code by sending specially crafted event-stream messages to a client application. Remediation A fix was pushed...

7.7CVSS6.1AI score0.00376EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/19 6:51 p.m.4 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the wolfSSLd2iSSLSESSION function when deserializing session data with the SESSIONCERTS option enabled. An attacker can corrupt heap memory and potentially execute arbitrary code or cause a crash by supplyi...

8.1CVSS6.2AI score0.00123EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/17 8:33 p.m.54 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the proxy.php endpoint when handling HTTP redirects without re-validating the redirect target. An attacker can access internal...

8.7CVSS5.8AI score0.00453EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/09 4:44 p.m.1 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop through the DWARF parsing process. An attacker can cause the application to enter an infinite output loop by providing a specially crafted binary with malformed DWARF loclists data, resulting in excessive CPU and I/O...

6.2CVSS5.8AI score0.00152EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/24 3:27 a.m.3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the PUT request handler in the UDM component when processing an unexpected ueId value. An attacker can cause the service to crash and disrupt availability by sending a specially crafted request. Remediation...

8.7CVSS5.9AI score0.0051EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/16 2:59 p.m.3 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to improper handling of memory allocation in the libvpx. An attacker can execute arbitrary code or cause a crash by supplying specially crafted media files. Remediation A fix was pushed into the master...

8.8CVSS6.1AI score0.006EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/18 5:49 a.m.3 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the GenImageFontAtlas function. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted input that triggers a heap-based buffer overflow during local execution...

7.8CVSS6.6AI score0.00306EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/29 7:41 p.m.4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the HeifPixelImage::overlay function. An attacker can cause a crash by supplying a crafted HEIF file with a malicious iovl overlay box that triggers a negative row length calculation, leading to a large...

8.8CVSS6.7AI score0.00267EPSS
Exploits1References2
Rows per page
Query Builder