Lucene search
K

3363 matches found

Snyk
Snyk
added 2026/07/02 8:38 p.m.5 views

Improper Authentication

Overview fast-mcp-telegram is a Multi-tenant Telegram gateway for AI agents — HTTP+stdio transport, 8 agent-optimized tools, MTProto User API Affected versions of this package are vulnerable to Improper Authentication via the SessionFileTokenVerifier.verifytoken process. An attacker can gain...

9.4CVSS6AI score0.00423EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/02 5:38 p.m.5 views

Relative Path Traversal

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Relative Path Traversal through improper validation of user-supplied file paths in the ReadFileTool and WriteFileTool components. An attacker can access or modify files outside the...

8.4CVSS6AI score0.00184EPSS
Exploits1References3
Snyk
Snyk
added 2026/07/02 1:50 p.m.4 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the BalancerForward process. An attacker can manipulate upstream IP-based logic, such as rate limiting, access control, and audit logging, by injecting a spoofed X-Real-IP header value in requests. Remediation...

6.9CVSS6AI score0.00455EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 7:33 a.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforced limits in the parser when processing JSON input. An attacker can cause excessive CPU and memory consumption by submitting very large or deeply nested JSON...

8.7CVSS6AI score0.00366EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:6 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the realm parameter in the authentication process. An attacker can cause the client to send requests to internal network endpoints or transmit credentials over an unencrypted channel by controlling t...

3.1CVSS6AI score
Exploits0References3
Snyk
Snyk
added 2026/07/01 8:35 p.m.3 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the addLabelsFromOptions function. An attacker can overwrite security-sensitive namespace labels by pushing changes to a monitored repository, thereby weakening admission controls and enabling...

8.8CVSS6AI score0.00508EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 7:24 p.m.4 views

External Control of File Name or Path

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

8.5CVSS6AI score0.00098EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 7:0 p.m.4 views

Arbitrary Argument Injection

Overview repomix is an A tool to pack repository contents to single file for AI consumption Affected versions of this package are vulnerable to Arbitrary Argument Injection via unsanitized input to the remoteBranch parameter in the execGitShallowClone process. An attacker can execute arbitrary...

8.8CVSS6.2AI score0.00066EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 6:41 p.m.4 views

Unsafe Dependency Resolution

Overview neuro-cortex-memory is a Scientifically-grounded memory system based on computational neuroscience research Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the CLAUDEPROJECTDIR environment variable, which is treated as a trusted source directory witho...

8.5CVSS6.2AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 6:18 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview github.com/elastic/fleet-server/v7/internal/pkg/api is a control server to manage a fleet of elastic-agents. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the upload endpoint. An attacker can exhaust system memory by submitti...

7.5CVSS6AI score0.00312EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 12:28 p.m.5 views

Incorrect Privilege Assignment

Amendment This was deemed not a vulnerability. Overview foreman is a complete lifecycle management tool for physical and virtual servers. Affected versions of this package are vulnerable to Incorrect Privilege Assignment via manipulation of the Usergroup process. An attacker can gain...

8.8CVSS6AI score0.00297EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed...

7.5CVSS6.2AI score0.00844EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/30 5:26 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the POST /api/n9e/datasource/list route, which lacks proper authorization checks. An attacker can obtain sensitive credentials, such as database passwords, HTTP bearer tokens, and mTLS client keys, by sending...

7.1CVSS6AI score0.00238EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/30 2:51 p.m.7 views

CVE-2026-13149

A flaw was found in brace-expansion. An attacker can exploit a vulnerability in the expand function by providing a specially crafted string. This string, containing consecutive non-expanding brace groups, can trigger exponential-time complexity, leading to significant CPU consumption and event-lo...

8.7CVSS5.8AI score0.00361EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/30 2:28 p.m.8 views

CVE-2026-53432

A flaw was found in fzf. An integer overflow vulnerability exists in the FuzzyMatchV2 function when processing exceptionally long input lines and patterns. This can lead to the application terminating unexpectedly with a non-recoverable panic, resulting in a Denial of Service DoS. A local user...

7.5CVSS5.8AI score0.00243EPSS
Exploits0References6
OSV
OSV
added 2026/06/30 11:16 a.m.3 views

UBUNTU-CVE-2026-53916

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/29 10:53 p.m.3 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the checkUserPassword process. An attacker can execute arbitrary queries on the backend database by injecting specially crafted input into the password field of a Graph...

8.7CVSS6.2AI score0.00484EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:44 p.m.4 views

CVE-2026-55955

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, fro...

5.7AI score0.0028EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/29 11:50 a.m.4 views

Arbitrary Code Injection

Overview mesop is a Build UIs in Python Affected versions of this package are vulnerable to Arbitrary Code Injection due to an explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yieldin...

9.8CVSS6.1AI score0.05289EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-391 LiteLLM has SQL Injection in Proxy API key verification

Impact A database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route for example POST /chat/completions a...

9.8CVSS6.1AI score0.86607EPSS
Exploits7References7
Rows per page
Query Builder