Lucene search
K

81 matches found

Snyk
Snyk
added 2026/06/21 5:11 p.m.16 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the getAttributeId function. An attacker can cause memory corruption or execute arbitrary code by providing specially crafted input that triggers an integer overflow. Remediation A fix was pushed into...

7.5CVSS6.2AI score0.00102EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:21 p.m.7 views

Origin Validation Error

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to...

8.8CVSS6.4AI score0.00315EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:30 p.m.10 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion during the JSON conversion. An attacker can exhaust the call stack and cause the application to crash by supplying crafted protobuf binary data containing deeply nested Any values that are expanded during...

8.7CVSS5.9AI score0.00324EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 8:12 p.m.8 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the multiPartHeader function when untrusted input is provided via field or filename to FormDataappend. An attacker can inject additional headers or multipart parts by including carriage returns, line feeds, or double...

8.7CVSS5.9AI score0.00409EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.8 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the MVG decoder when processing a crafted file due to a missing depth or visited-set check. An attacker can cause a denial of service by supplying a specially crafted MVG file that triggers a stack overflow...

6.8CVSS5.3AI score0.00107EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:33 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the QUIC stack, when flooded with PATHCHALLENGE frames. A malicious remote peer can exhaust heap memory and terminate a QUIC client or server. Remediation A fix was pushed into the...

8.7CVSS5.4AI score0.00511EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/04 6:15 a.m.9 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free due to missing handler call depth tracking in the processing of XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers when a policy violation occurs. An attacker can cause memory...

5.9CVSS6AI score0.00218EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/02 10:22 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the serialization algorithm in the PrefetchPageLinks function. An attacker can cause a denial of service by supplying specially crafted user input that is reflected and processed...

8.7CVSS5.9AI score0.00294EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 7:43 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parsing of maliciously crafted Git repository data, such as .pack, .idx, or loose objects. An attacker can cause the application to panic by providing a payload that excee...

6.9CVSS5.8AI score
Exploits0References2
CVE
CVE
added 2026/05/29 12:32 p.m.23 views

CVE-2026-49324

The CVE-2026-49324 affects the Wireless Control Module (WCM) in the Indian Motorcycle Scout Bobber + Tech 2025 model year. The root cause is an exploitable brute‑force lockout that is reachable via any unauthenticated in‑vehicle network message, with no session binding and no reset on power cycle...

4.6CVSS5.8AI score0.00174EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:29 a.m.13 views

CVE-2026-49322

Weak authentication in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/19 9:51 p.m.9 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the decodemaskimage function. An attacker can cause a heap buffer overflow by providing a crafted HEIF file containing a mask image where the iloc extent exceeds the allocated pixel buffer, leading to...

7.1CVSS6AI score0.00343EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/07 4:30 a.m.7 views

Information Exposure

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Information Exposure via the sandbox CallSite handling. An attacker can leak absolute host filesystem paths by causing error.stack or...

6.9CVSS5.4AI score0.00241EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/07 4:10 a.m.10 views

Uncaught Exception

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Uncaught Exception through the Promise constructor when an unhandled rejection propagates from the sandboxed environment to the host...

9.2CVSS5.4AI score0.00448EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/07 3:2 a.m.6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GET /api/namespaces/:tenant process. An attacker can access sensitive information belonging to other tenants by authenticating with an API Key and bypassing membership checks...

7.1CVSS5.4AI score0.00308EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/06 1:21 a.m.11 views

Use of a Broken or Risky Cryptographic Algorithm

Overview paramiko is a library for making SSH2 connections client or server. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the RSA key handling by allowing the use of the SHA-1 algorithm. An attacker can compromise the integrity of...

4.8CVSS5.8AI score0.00114EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/30 5:26 p.m.4 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the enforcement of X.509 nameConstraints due to case-sensitive comparisons for dNSName and the domain portion of rfc822Name. An attacker can gain unauthorized certificate validation and potential...

7.4CVSS5.8AI score0.00566EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/29 12:0 a.m.8 views

Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input due to improper handling of oversized Subject Alternative Name fields during certificate validation. An attacker can bypass certificate validation by crafting a certificate with an...

8.8CVSS5.8AI score0.00423EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/27 6:19 p.m.6 views

Use of Uninitialized Resource

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Use of Uninitialized Resource via the hasmambalayers function in the KV Block Handler. An attacker can cause unintended behavior by leaking data...

6.3CVSS6.2AI score0.00288EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 8:23 p.m.17 views

Uncontrolled Recursion

Overview xmldom is an A pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to Uncontrolled Recursion in the recursive processing of deeply nested XML documents by several DOM-related operations, including...

8.7CVSS5.4AI score0.00643EPSS
Exploits0References2
Rows per page
Query Builder