Lucene search
K

12 matches found

Snyk
Snyk
added 2026/04/17 9:32 p.m.6 views

Symlink Attack

Overview compressing is an Everything you need for compressing and uncompressing Affected versions of this package are vulnerable to Symlink Attack via the isPathWithinParent function. An attacker can overwrite arbitrary files outside the intended extraction directory by supplying a malicious...

8.6CVSS5.9AI score0.00334EPSS
Exploits2References2
Snyk
Snyk
added 2026/04/10 7:30 p.m.1 views

External Control of File Name or Path

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to External Control of File Name or Path in the artifactbundle/assemble endpoint. An authenticated attacker can create or overwrite files within locations writable by the service account by supplying...

8.1CVSS5.8AI score0.00299EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 6:44 p.m.4 views

GHSA-Q6FM-P73F-X862 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

Unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Because Azure can return sensitive data in error...

8.7CVSS5.8AI score0.00348EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/04 6:27 p.m.4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion. An attacker can cause the application to crash or become unresponsive by sending malformed requests that trigger uncontrolled recursion, potentially leading to a stack overflow. Remediation Upgrade multer to...

8.7CVSS5.8AI score0.00713EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/27 3:21 a.m.6 views

Weak Password Recovery Mechanism for Forgotten Password

Overview @evershop/evershop is a The React Ecommerce platform. Built with React and Postgres. Open-source and free. Fast and customizable. Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password. An attacker can gain unauthorized access to...

9.8CVSS5.9AI score0.00446EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:43 p.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the gRPC API and HTTP APIs, which allow peers to send requests that cause the recipient to create files in arbitrary file system locations and read arbitrary files. An attacker can access sensitive data or execu...

10CVSS7.4AI score0.0068EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:43 p.m.1 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the gRPC API and HTTP APIs, which allow peers to send requests that cause the recipient to create files in arbitrary file system locations and read arbitrary files. An attacker can access sensitive data or execu...

10CVSS7.4AI score0.0068EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:43 p.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the gRPC API and HTTP APIs, which allow peers to send requests that cause the recipient to create files in arbitrary file system locations and read arbitrary files. An attacker can access sensitive data or execu...

10CVSS7.4AI score0.0068EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:42 p.m.1 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using os.MkdirAll function which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...

5.1CVSS6.6AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:23 p.m.1 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
OSV
OSV
added 2025/09/15 8:2 a.m.4 views

CVE-2025-10433 1Panel-dev MaxKB debug deserialization

A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been...

5.3CVSS6.2AI score0.00288EPSS
Exploits0References7
Snyk
Snyk
added 2025/05/20 6:50 p.m.2 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition during the image unpack process. An attacker can modify the host file system by exploiting the time gap between checking and using a file or resource. Workarounds 1. Verify image integrity...

9.6CVSS6.9AI score0.00435EPSS
Exploits0References2
Rows per page
Query Builder