Lucene search
K

3365 matches found

Snyk
Snyk
added 2026/06/24 9:17 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the webhook delivery process. An attacker can access internal network resources by supplying a webhook URL that follows redirects to hostnames within restricted local address ranges. Remediation Upgra...

8.8CVSS6AI score0.00402EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 3:18 p.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to a missing permission check in the connect process. An attacker can initiate unauthorized connections to arbitrary URLs by supplying crafted credentials, potentially exposing sensitive information or...

5.4CVSS6.1AI score0.00167EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 9:24 p.m.7 views

Incorrect Authorization

Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Incorrect Authorization in the...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 9:22 p.m.4 views

Incomplete List of Disallowed Inputs

Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the...

9.2CVSS5.8AI score0.00695EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 5:43 p.m.7 views

Improper Neutralization of Special Elements in Data Query Logic

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the enrichContext process. An attacker can access and modify all documents in connected NoSQL databases by injecting crafted...

10CVSS5.8AI score0.00538EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51548

Name of the Vulnerable Software and Affected Versions Language Servers for AWS versions prior to 1.69.0 Description Missing symlink validation may allow an arbitrary file write outside of the workspace trust boundary. This occurs when a local user opens a workspace containing a maliciously crafte...

8.5CVSS5.9AI score0.00142EPSS
Exploits0References10
Snyk
Snyk
added 2026/06/22 11:48 p.m.5 views

CSV Injection

Overview @actual-app/api is an An API for Actual Affected versions of this package are vulnerable to CSV Injection in the exportToCSV and exportQueryToCSV processes, where user-controlled input from fields such as Payee and Notes is passed to CSV export without neutralizing formula-triggering...

4.2CVSS5.9AI score0.00286EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 6:55 a.m.31 views

CVE-2025-66336 Apache Doris MCP Server: SQL injection leading the authentication bypass

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymo...

0.00375EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.7 views

Debian dsa-6356 : imagemagick - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6356 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6356-1 [email protected] https://www.debian.org/securit...

7.5CVSS6.5AI score0.00353EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Fedora 44 : singularity-ce (2026-63ae478575)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-63ae478575 advisory. Upgrade to 4.4.2 upstream version. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

8.2CVSS6.8AI score0.00651EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/19 9:42 p.m.11 views

Use After Free

Overview msgpack is an efficient binary serialization format. Affected versions of this package are vulnerable to Use After Free in the unpacker' when it is reused after an error has occurred. An attacker can cause a crash or denial of service by repeatedly triggering errors and reusing the same...

8.7CVSS5.8AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 9:18 p.m.5 views

UNIX Symbolic Link (Symlink) Following

Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the BaseFileComponent.unpackbundle function. An attacker can access arbitrary fil...

9.6CVSS6.2AI score0.00411EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/19 8:47 p.m.8 views

Improper Locking

Overview Affected versions of this package are vulnerable to Improper Locking in the releasewritelock and releasereadlock functions. An attacker can disrupt synchronization guarantees and exploit data races or cause denial of service by invoking these functions from unauthorized threads or withou...

9.8CVSS5.9AI score0.0016EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 8:47 p.m.5 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the Oj::Parser when operating in SAJ mode with object keys of 35 bytes or longer. An attacker can cause a segmentation fault by triggering garbage collection within a callback, leading to use of a freed memory pointer...

8.7CVSS5.9AI score0.00253EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 8:47 p.m.7 views

Improper Verification of Cryptographic Signature

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in...

9.1CVSS6AI score0.00143EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 8:46 p.m.4 views

Infinite loop

Overview python-liquid is an A Python engine for the Liquid template language. Affected versions of this package are vulnerable to Infinite loop in the % case % tag parsing logic, caused by an incorrect definition of the EOF token's kind and value in the TokenStream.eof attribute. A user who can...

7.1CVSS5.8AI score0.00451EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:18 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the resources.GetRemote process while the host platform uses the cgo system resolver. When alternate IPv4 encodings are used in URLs, such as integer, hexadecimal, or octal representations, which bypa...

8.6CVSS5.9AI score0.00208EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 5:45 p.m.6 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the os.ReadFile function during direct lookups via resources.Get. An attacker can access arbitrary files outside the intended directory by placing a symlink inside a mounted directory that points to files outside the...

6.5CVSS6AI score0.00318EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 2:46 p.m.10 views

EUVD-2026-37802

Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK installpackages...

8.4CVSS5.8AI score0.00302EPSS
Exploits0References4
OSV
OSV
added 2026/06/19 2:35 p.m.7 views

GHSA-HCXC-WF8J-23HV OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset

Description OpenFGA's OIDC authenticator skipped JWT audience aud validation when no audience was configured. In deployments where one identity provider issues tokens for multiple services, a token minted for an unrelated service could authenticate to OpenFGA. Preconditions This applies if the...

6.8CVSS5.8AI score0.00298EPSS
Exploits0References2
Rows per page
Query Builder