Lucene search
+L

38 matches found

Snyk
Snyk
added 2026/03/13 6:56 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the E2E Metadata Parser API endpoint, which processes unbounded request bodies without size restrictions. An authenticated user can cause the server to run out of memory and disru...

7.1CVSS5.8AI score0.00248EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/05 8:54 p.m.2 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the KillAction and RestartAction API handlers when a log entry is created with a nil binding through StartActionByGet using an invalid action ID. An attacker can cause repeated server-side panics and disrupt...

8.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/02/26 10:20 p.m.4 views

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict in the JSON-RPC and MCP protocol message parsing. An attacker can bypass intermediary inspection or cause cross-implementation inconsistencies by sending protocol messages with non-standard field casing or Unicod...

8.7CVSS6AI score0.00255EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/26 3:13 a.m.11 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the forgot password process. An attacker can gain unauthorized access to user accounts by manipulating the Host header to injecting custom domains into the password reset link sent to users...

9.3CVSS6AI score0.00245EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/17 9:27 p.m.3 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition in which maps from multiple components may be accessed without synchronization. When under heavy concurrent activity, either spontaneous or attacker-generated, the process can be caused to panic and crash with fatal error...

7.5CVSS5.5AI score0.00291EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/04 12:7 a.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ExpandApk function. An attacker can cause excessive resource consumption by providing a specially crafted, highly-compressed .apk stream that decompresses into a large tar...

7.5CVSS5.6AI score0.00366EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/02 10:3 p.m.4 views

Incorrect Control Flow Scoping

Overview Affected versions of this package are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This can cause a...

4.8CVSS5.8AI score0.00112EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.16 views

PT-2026-5463

Name of the Vulnerable Software and Affected Versions Backstage versions prior to 1.13.11 and versions prior to 1.14.1 Description Backstage’s @backstage/plugin-techdocs-node component, used for TechDocs, is susceptible to remote code execution. When TechDocs is configured to run locally runIn:...

7.7CVSS6.4AI score0.00541EPSS
Exploits0References10
Snyk
Snyk
added 2025/11/24 11:31 p.m.2 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/09/23 5:37 p.m.4 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...

7.5CVSS6.6AI score0.00346EPSS
Exploits1References2
Snyk
Snyk
added 2025/07/03 2:22 p.m.2 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the fileUploadHandler process. An attacker can write arbitrary files to the filesystem by supplying crafted values to the fc.Name parameter, which is not properly sanitized, allowing directory traversal. This c...

8.6CVSS8.3AI score
Exploits0References2
Snyk
Snyk
added 2025/05/15 6:31 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the ExperimentalSettings function. An attacker can exploit this issue by accessing unauthorized settings through the System Console. Note: This is only exploitable if the RestrictSystemAdmin setting is true,...

5.1CVSS6.9AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/24 11:43 p.m.8 views

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the Validating Admission Controller feature. An attacker with access to the pod network can execute code, which allows them to access stored secrets. By default, the controller can access al...

9.8CVSS7.4AI score0.99098EPSS
Exploits20References2
Snyk
Snyk
added 2025/03/10 6:29 p.m.3 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection when parsing DTD files. External entities referenced in a malicious DTD document are resolved and retrieved. This allows attackers to expose information from internal URLs that are not meant to be...

7.2CVSS7.4AI score
Exploits0References2
OSV
OSV
added 2023/10/18 1:14 p.m.3 views

SUSE-SU-2023:4116-1 Security update for slurm

This update for slurm fixes the following issues: - CVE-2023-41914: Fixed several filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file bsc1216207. Non-security fixes: - Fixed dependency issues that could arise during an upgrade bsc1208810...

7CVSS7AI score0.00196EPSS
Exploits0References4
Snyk
Snyk
added 2022/12/06 4:18 p.m.2 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the theProcess functionality due to improper user-input sanitization. PoC js var root = require"exec-local-bin" root"& touch JHU", Remediation Upgrade exec-local-bin to version 1.2.0 or higher. References - GitHub...

9.8CVSS7.4AI score0.02554EPSS
Exploits1References2
Veracode
Veracode
added 2018/03/15 4:36 a.m.18 views

Information Disclosure

django-anymail is vulnerable to information disclosure. When an error occurs, the value of the WEBHOOKAUTHORIZATION setting is printed in the Django error reports. This may allow anyone with access to the logs to discover the webhook shared secret and send inbound/tracking events to your...

7.4CVSS6.9AI score0.01243EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/08/10 12:0 a.m.36 views

Fedora 17 : qemu-1.0.1-1.fc17 (2012-11302)

Fix systemtap tapsets bz 831763 - Fix VNC audio tunnelling bz 840653 - CVE-2012-2652: Possible symlink attacks with -snapshot bz 825697, bz 824919 - Don't renable ksm on update bz 815156 - Bump usbredir dep bz 812097 - Fix RPM install error on non-virt machines bz 660629 - Obsolete openbios to...

4.4CVSS5.4AI score0.00344EPSS
Exploits0References3
Rows per page
Query Builder