
Snyk
added 2026/05/04 7:16 p.m.

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read through improper bounds checking in the CreateInstanceFromBackup and CreateInstanceFromMigration functions. An attacker can cause the daemon to crash by submitting a crafted backup archive with physical snapshot...

CVSS 7.1, AI score 5.8, EPSS 0.00408
Exploits: 1, References: 2
Snyk
added 2026/04/20 12:30 a.m.

Server-side Request Forgery (SSRF)

Overview: ragas is an evaluation framework for RAG and LLM applications. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via improper validation of URLs in the retrievedcontexts parameter when processing multimodal inputs. An attacker can access arbitrary files,...

CVSS 8.1, AI score 6.5, EPSS 0.00534
Exploits: 1, References: 2
Snyk
added 2026/02/03 6:30 p.m.

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the store endpoint. An attacker can execute arbitrary scripts in the context of users by uploading specially crafted files that are rendered without proper content validation. Remediation: There is no fixed...

CVSS 6.1, AI score 5.8, EPSS 0.00244
Exploits: 4, References: 3
Snyk
added 2026/01/23 5:08 a.m.

Deserialization of Untrusted Data

Overview: metagpt is a multi-agent framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserializemessage function. Details: Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or databa...

CVSS 9.8, AI score 5.9, EPSS 0.00993
Exploits: 0, References: 2
Snyk
added 2026/01/23 5:08 a.m.

Arbitrary Code Injection

Overview: lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via the code parameter in the validate endpoint. An attacker can execute arbitrary code with root...

CVSS 9.8, AI score 7.6, EPSS 0.02035
Exploits: 1, References: 2
Snyk
added 2025/04/21 3:31 p.m.

Host Header Injection

Overview: croogo/croogo is an open source CMS built for everyone. Affected versions of this package are vulnerable to Host Header Injection in the feed.rss component, which takes the content of the -H argument in a request and passes it through to the element in a response without filtering. An...

CVSS 9.1, AI score 7.1, EPSS 0.00469
Exploits: 1, References: 2
Snyk
added 2025/03/20 12:32 p.m.

Denial of Service (DoS)

Overview: aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing timeouts in some of the methods. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system...

CVSS 8.7, AI score 7, EPSS 0.00446
Exploits: 1, References: 2
Snyk
added 2025/03/20 12:32 p.m.

Server-side Request Forgery (SSRF)

Overview: fschat is an open platform for training, serving, and evaluating large language model based chatbots. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper web server configuration. An attacker can access internal server resources and dat...

CVSS 8.7, AI score 7, EPSS 0.00703
Exploits: 1, References: 2
Snyk
added 2025/02/06 5:10 p.m.

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in rtmpsrv.c, which takes a stream as input without validation of its playpath value. This allows an attacker to trigger a crash by convincing a user to open a malicious RTMP stream. Remediation: There is no fixe...

CVSS 7.1, AI score 6.8, EPSS 0.02732
Exploits: 1, References: 2
Snyk
added 2020/12/11 1:37 p.m.

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection. The injection point is at line 678 of lib/index.js, in the exported function installrequestedModule. PoC: var root = require("buns"); var name = "& touch JHU"; root.install(name); Remediation: There is no...

CVSS 9.8, AI score 7.3, EPSS 0.01583
Exploits: 0, References: 2
Snyk
added 2020/11/19 12:56 p.m.

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The library is vulnerable to XSS when creating HTML output from an Excel file by adding a comment on any cell. The root cause of this issue is within the HTML writer, where user comments are concatenated as...

CVSS 7.1, AI score 6, EPSS 0.01301
Exploits: 1, References: 2