Lucene search
K

38 matches found

Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the handling of the forwarded-proto header when generating public URLs. An attacker can cause the application to generate spoofed canonical URLs by injecting or manipulating the forwarded-proto header value...

7.5CVSS6AI score0.00431EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:17 p.m.6 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via unsafe JavaBean materialization in com.mchange.v2.naming.JavaBeanObjectFactory. An attacker can trigger arbitrary class construction and property initialization by supplying a malicious JNDI Referen...

7.5CVSS6.1AI score0.00327EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 11:32 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in playlist operations. An attacker can access or delete other users' playlists, and probe for the existence of arbitrary files by supplying a crafted base64-encoded...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/17 6:39 p.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the EmbeddingSearchRequest.filter process. An attacker can access sensitive data, modify or delete database records, or cause denial of service by injecting crafted input into metadata filter keys or values, which are...

7.6CVSS5.8AI score0.00348EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/11 1:27 p.m.10 views

Insufficiently Protected Credentials

Overview @hapi/wreck is a HTTP Client Utilities library. Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to the improper origin validation in the cross-origin redirect handling. An attacker can obtain sensitive credential headers by crafting cross-port...

8.7CVSS5.4AI score0.0001EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/05 9:15 p.m.8 views

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path in the GlobalAuroraPgDatabaseDialect, which is included in the public schema. A low-privileged user can elevate privileges to rdssuperuser by creating a malicious function that executes when another user connects t...

8.6CVSS5.4AI score0.00305EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/03 10:45 a.m.4 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the loadRawSpec function when parsing BTF collection specifications. An attacker can cause excessive memory allocation or parsing failures by supplying a malicious collection specification to a process...

7.5CVSS6AI score0.00179EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/29 9:14 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of limits on the size of PackBits-compressed data during decompression. An attacker can cause excessive resource consumption by submitting a specially crafted image...

8.7CVSS5.8AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/26 11:8 p.m.8 views

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness due to the HKDFexpand and EVPHPKECTXexport functions returning a zero-filled byte array on failure, which is then used as key material for AEAD encryption. An attacker can predict and exploit the deterministic,...

6.9CVSS5.5AI score0.00193EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 9:45 p.m.15 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the resource parameter in the ssx and jsx endpoints when a leading slash is used. An attacker can access sensitive configuration files by crafting a URL that traverses directories. Note: This issue is due to...

9.8CVSS5.8AI score0.19538EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/14 9:24 p.m.7 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the process that generates uninstall scripts from uploaded software packages, due to improper sanitization of metadata fields. An attacker can execute arbitrary commands with elevated privileges on managed endpoints...

9.8CVSS5.9AI score0.00773EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/07 1:58 a.m.8 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing authentication middleware in the smPolicyGroup route group, which allows unauthenticated requests to access sensitive endpoints. An attacker can gain unauthorized access to subscriber information,...

8.8CVSS5.8AI score0.00323EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/06 9:59 p.m.10 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the GET /api/v1/stable/dags/tasks endpoint via improper tenant checks in the listTasksByDAGIds function. An attacker can access sensitive task metadata belonging to other tenants by...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/28 12:0 a.m.6 views

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization due to improper isolation of the SecurityContext. When an authenticated user experiences an authorization failure, their security context is not properly cleared from the underlying gRPC worker...

8.8CVSS5.8AI score0.00171EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/25 11:30 p.m.5 views

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict via a mismatch in path normalization between components. An attacker can gain unauthorized access to restricted resources or perform actions without proper authentication by crafting requests with specially...

10CVSS5.8AI score0.00368EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/15 10:30 p.m.6 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the pprof endpoint. An attacker can obtain sensitive authentication tokens by sending unauthenticated requests to the /debug/pprof/cmdline endpoint and subsequently use the leaked token to gain unauthorized...

9.4CVSS5.8AI score0.00509EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/14 1:11 a.m.6 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the cross-domain redirects that do not strip custom authentication headers such as X-API-Key, X-Auth-Token, Api-Key, Token. An attacker can obtain sensitive...

7.7CVSS5.8AI score0.00486EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/01 9:9 p.m.4 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to DNS rebinding protection being disabled by default in HTTP-based servers using StreamableHTTPHandler or SSEHandler. An attacker can access internal resources or invoke tools exposed by...

8.1CVSS5.9AI score0.00455EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/30 5:21 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /loadIG endpoint, which accepts user-supplied URLs and makes server-side HTTP requests without proper validation of hostnames, schemes, or domains. An attacker can probe internal network services...

6.9CVSS5.9AI score0.00235EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/23 6:16 p.m.3 views

Reliance on Untrusted Inputs in a Security Decision

Overview Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision through spoofed headers in the Rate-Limit process. An attacker can circumvent request throttling by manipulating HTTP headers to appear as different users or clients, potentially...

6.9CVSS5.9AI score0.00328EPSS
Exploits1References3
Rows per page
Query Builder