8 matches found

Snyk · added 2026/04/15 7:30 p.m. · 7 views

Insufficient Granularity of Access Control

Overview: Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in namespace validation for ImageUpdater resources. An attacker can perform unauthorized image updates on applications in other namespaces by creating or modifying ImageUpdater resources,...

CVSS 9.1 · AI score 5.8 · EPSS 0.00357 · Exploits 0 · References 2
Snyk · added 2025/11/28 4:42 a.m. · 8 views

XML External Entity (XXE) Injection

Overview: peppol-py is a Python implementation for sending Peppol eDelivery AS4 documents. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the XML validation process. An attacker can access sensitive files from the filesystem and exfiltrate their conten...

CVSS 5.3 · AI score 7.4 · EPSS 0.00299 · Exploits 0 · References 2
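The XXE class named in this entry, shown as an added example in Python that is not peppol-py's code and not the advisory's proof of concept: a parser that honours external entities by reading the SYSTEM identifier from disk (a stand-in for a validating parser that fetches DTD-declared entities) splices a constructed secret file into the document, while a guard that rejects any DOCTYPE or entity declaration before parsing stops the same document cold. The secret file, the payload document and the `file://` resolver are this example's constructions; POSIX paths are assumed.

```python
"""Added example: XXE via external-entity resolution, and a pre-parse guard.
Not peppol-py's code; documents, secret file and handlers are constructed."""
import os
import tempfile
import xml.etree.ElementTree as ET
from xml.parsers import expat


class DtdRejected(ValueError):
    """Raised when untrusted XML carries a DOCTYPE or an entity declaration."""


def parse_resolving_entities(data: bytes) -> str:
    """Vulnerable model: resolve external entities by reading the SYSTEM id
    from disk, which is exactly what an XXE payload relies on.
    Returns the document's character data (including spliced-in file content)."""
    parser = expat.ParserCreate()
    text = []

    def resolve_external(context, base, system_id, public_id):
        # Naive file:// resolver (assumption: POSIX path after the scheme).
        path = system_id[len("file://"):] if system_id.startswith("file://") else system_id
        child = parser.ExternalEntityParserCreate(context)  # inherits our handlers
        with open(path, "rb") as fh:
            child.Parse(fh.read(), True)
        return 1  # non-zero tells expat the reference was handled

    parser.ExternalEntityRefHandler = resolve_external
    parser.CharacterDataHandler = text.append
    parser.Parse(data, True)
    return "".join(text)


def assert_no_dtd(data: bytes) -> None:
    """Guard: fail on any DOCTYPE or entity declaration (internal, external
    or parameter) before a real parser gets the chance to resolve anything."""
    probe = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DtdRejected(f"DOCTYPE not allowed (root={name!r}, system id={system_id!r})")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        raise DtdRejected(f"entity declaration not allowed: {name!r}")

    probe.StartDoctypeDeclHandler = on_doctype
    probe.EntityDeclHandler = on_entity
    probe.Parse(data, True)


def parse_untrusted(data: bytes) -> ET.Element:
    """Hardened entry point: guard first, then build the tree with the stdlib."""
    assert_no_dtd(data)
    return ET.fromstring(data)


def guard_rejects(data: bytes) -> bool:
    """True if the guard refuses the document."""
    try:
        assert_no_dtd(data)
    except DtdRejected:
        return True
    return False


def demo() -> dict:
    """Constructed scenario: a secret file on disk and an XXE payload naming it."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "secret.txt")
        with open(secret_path, "w", encoding="utf-8") as fh:
            fh.write("SECRET-TOKEN-123")
        evil = (
            '<?xml version="1.0"?>'
            f'<!DOCTYPE doc [<!ENTITY xxe SYSTEM "file://{secret_path}">]>'
            "<doc>&xxe;</doc>"
        ).encode()
        leaked = parse_resolving_entities(evil)   # secret ends up in the output
        rejected = guard_rejects(evil)            # hardened path refuses it
    return {"leaked": leaked, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The guard runs as a separate pass so that the decision is made on declarations, not on whether a particular parser happens to resolve them; a document with no DOCTYPE at all still parses normally through `parse_untrusted`.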
EUVD · added 2025/10/03 8:07 p.m. · 6 views

EUVD-2023-1826

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.01133 · Exploits 1 · References 6
Vulnrichment · added 2025/06/03 2:45 p.m. · 6 views

CVE-2025-46548 Apache Pekko Management, Akka Management: management API basic authentication is not effective

If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...

AI score 6.6 · EPSS 0.00655 · Exploits 1 · References 3
OSV · added 2025/02/25 1:15 a.m. · 2 views

CVE-2025-1642

A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been declared as critical. This vulnerability affects unknown code of the file /AGE0000700/GetImageMedico?fooId=1. The manipulation of the argument fooId leads to improper control of resource identifiers. The attack can be initiat...

CVSS 7.5 · AI score 5.4 · EPSS 0.00631 · Exploits 1 · References 4
RedhatCVE · added 2025/02/05 2:21 a.m. · 10 views

CVE-2024-24556

urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this, an attacker would need to ensure that the response returns HTML tags and that the web application is using streamed responses (non-RSC). This vulnerability is...

CVSS 7.2 · AI score 6.9 · EPSS 0.00355 · Exploits 0 · References 1
Positive Technologies · added 2023/03/20 12:00 a.m. · 4 views

PT-2023-10275 · Unknown · Zarthus Irc Twitter Announcer Bot

Name of the Vulnerable Software and Affected Versions: Zarthus IRC Twitter Announcer Bot versions up to 1.1.0. Description: A critical issue was found in the Zarthus IRC Twitter Announcer Bot, affecting the get_tweets function of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulati...

CVSS 8.1 · AI score 6.1 · EPSS 0.01846 · Exploits 0 · References 8
Snyk · added 2022/09/19 12:04 p.m. · 3 views

Arbitrary Code Execution

Overview: joblib is a library for lightweight pipelining with Python functions. Affected versions of this package are vulnerable to Arbitrary Code Execution via the pre_dispatch flag of the Parallel class, because the flag's value is passed to an eval statement.

PoC:

```python
from joblib import Parallel, delayed


def f():
    return 1


# The string given as pre_dispatch is evaluated as Python code.
p = Parallel(n_jobs=3, pre_dispatch="sys.exit(0)")
p(delayed(f)() for i ...
```

CVSS 9.8 · AI score 5.4 · EPSS 0.01893 · Exploits 1 · References 3
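Why an eval on pre_dispatch is arbitrary code execution, and how the same `<int> * n_jobs` arithmetic can be accepted without it, as an added example that is not joblib's code or joblib's fix: `unsafe_pre_dispatch` is a simplified model of the pattern the advisory describes (a user string evaluated with `n_jobs` in scope), `safe_pre_dispatch` is a replacement that walks the expression's AST and allows only integer literals, the name `n_jobs`, and `+`/`*`. The payload, the environment-variable marker it plants, and the treatment of `"all"` as `None` are this example's assumptions.

```python
"""Added example: eval() on pre_dispatch versus an AST whitelist.
Simplified model of the advisory's pattern, not joblib's implementation."""
import ast
import operator
import os


def unsafe_pre_dispatch(pre_dispatch, n_jobs):
    """Vulnerable model: the caller's string is eval()ed with n_jobs in scope.
    Builtins, and with them __import__, are reachable because the globals
    dict has no __builtins__ entry and Python inserts the real one."""
    if isinstance(pre_dispatch, int):
        return pre_dispatch
    return eval(pre_dispatch, {"n_jobs": n_jobs})


_ALLOWED_OPS = {ast.Add: operator.add, ast.Mult: operator.mul}


def _eval_node(node, n_jobs):
    """Evaluate only integer literals, the name n_jobs, and + / * over them;
    anything else (calls, attributes, names, bool ops) is rejected."""
    if isinstance(node, ast.Constant) and type(node.value) is int:
        return node.value
    if isinstance(node, ast.Name) and node.id == "n_jobs":
        return n_jobs
    if isinstance(node, ast.BinOp) and type(node.op) in _ALLOWED_OPS:
        left = _eval_node(node.left, n_jobs)
        right = _eval_node(node.right, n_jobs)
        return _ALLOWED_OPS[type(node.op)](left, right)
    raise ValueError(f"pre_dispatch expression not allowed: {type(node).__name__}")


def safe_pre_dispatch(pre_dispatch, n_jobs):
    """Hardened replacement accepting an int, 'all', or an arithmetic
    expression over n_jobs such as '2*n_jobs'. 'all' is returned as None
    (assumption: the caller treats None as 'dispatch everything')."""
    if isinstance(pre_dispatch, int):
        return pre_dispatch
    if pre_dispatch == "all":
        return None
    try:
        tree = ast.parse(pre_dispatch, mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"pre_dispatch is not an expression: {exc.msg}") from None
    result = _eval_node(tree.body, n_jobs)
    if result < 0:
        raise ValueError("pre_dispatch must be non-negative")
    return result


# Constructed payload: runs attacker code (plants an env-var marker) and still
# returns a plausible integer, so the call site notices nothing.
PAYLOAD = (
    "__import__('os').environ.__setitem__('PRE_DISPATCH_DEMO', 'pwned')"
    " or 2 * n_jobs"
)


def demo() -> dict:
    """Run the payload through both implementations and report what happened."""
    os.environ.pop("PRE_DISPATCH_DEMO", None)
    unsafe_result = unsafe_pre_dispatch(PAYLOAD, n_jobs=3)
    code_ran = os.environ.get("PRE_DISPATCH_DEMO") == "pwned"
    try:
        safe_pre_dispatch(PAYLOAD, n_jobs=3)
        safe_rejected = False
    except ValueError:
        safe_rejected = True
    return {
        "unsafe_result": unsafe_result,  # 6: looks like a valid dispatch count
        "code_ran": code_ran,            # True: the import and call executed
        "safe_rejected": safe_rejected,  # True: BoolOp/Call are not whitelisted
    }


if __name__ == "__main__":
    print(demo())
```

Stripping `__builtins__` from the eval globals is not a fix: attribute chains starting from any reachable object lead back to `__import__`, so the only robust approach is to never hand the string to eval and to evaluate a small grammar yourself.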