Lucene search
K

78 matches found

Snyk
Snyk
added 2026/06/18 1:15 p.m.4 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the MagicYUV decoder process in the libavcodec library. An attacker can cause a denial of service or potentially execute arbitrary code by submitting a specially crafted file that triggers an odd sliceheight valu...

8.8CVSS7.5AI score0.00477EPSS
Exploits3References2
Snyk
Snyk
added 2026/06/17 2:6 p.m.8 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification through the audio.py file. An attacker can cause excessive memory consumption by...

7.1CVSS5.9AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:33 p.m.9 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the QUIC server when address validation is disabled. An attacker can crash the server by sending an initial packet with an invalid or expired token. Address validation is enabled by default, so this is...

8.7CVSS7.1AI score0.00684EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:51 p.m.5 views

Server-side Request Forgery (SSRF)

Overview geonode is an application for serving and sharing geospatial data Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the service registration endpoint. An attacker can access internal network resources and sensitive endpoints by submitting crafted...

8.8CVSS5.3AI score0.00172EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 1:10 p.m.12 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the magick -distribute-cache process. An attacker can cause a heap buffer overwrite in the server process by connecting to the service. Remediation A fix was pushed into the master branch but not yet...

7.3CVSS5.9AI score0.00092EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/21 8:39 p.m.26 views

Insufficient Session Expiration

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Insufficient Session Expiration through the ApiToken delete path in the token management code. An attacker can keep using a deleted API token by deleting it while the cache entry remains keyed under the token value,...

6.3CVSS5.8AI score0.00197EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/07 4:26 a.m.10 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Buffer.alloc family in lib/setup-sandbox.js. An attacker can crash t...

8.7CVSS5.8AI score0.00424EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/05 10:16 p.m.10 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isSSRFSafeURL process. An attacker can access sensitive internal resources and exfiltrate data by supplying a crafted URL...

7.7CVSS5.8AI score0.00348EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/04 7:29 p.m.8 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the loadpnm process. An attacker can cause a heap buffer overflow by supplying a crafted PNM/PGM/PPM file with large dimension values that trigger an integer overflow during size computation, leading to...

6.9CVSS6AI score0.00142EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/28 9:19 a.m.4 views

Integer Overflow or Wraparound

Overview github.com/apache/thrift/lib/go/thrift is a Go implementation of the Apache Thrift library. Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the TFramedTransport function on 32-bit architectures. An attacker...

8.2CVSS5.8AI score0.01163EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/25 11:46 p.m.4 views

Incorrect Authorization

Overview @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng Affected versions of this package are vulnerable to Incorrect Authorization through the Feishu card-action callback process. An attacker can bypass intended policy restrictions by crafting a...

6.9CVSS5.8AI score0.00265EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/21 6:31 p.m.9 views

Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the Twig sandbox security policy, which permits database write operations even when safe mode is enabled. An attacker with Developer permissions can modify, insert, or delete data in any database...

7.5CVSS5.8AI score0.00229EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/18 9:0 p.m.8 views

Improper Validation of Specified Index, Position, or Offset in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input due to accepting external output buffers but not rejecting out-of-range writes small buf or large offset. This inconsistency allows silent partial writes into...

9.3CVSS5.8AI score0.00337EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/16 12:0 a.m.5 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' while handling a specially crafted XML Schema Definition XSD validated document containing an internal entity reference. An attacker can cause the application to crash by...

7.5CVSS5.8AI score0.00632EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/14 6:48 p.m.5 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the FX expression parser. An attacker can cause the application to crash by supplying a deeply nested expression. Remediation A fix was pushed into the master branch but not yet published. References - GitHub...

6.8CVSS5.7AI score0.00144EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 11:6 p.m.7 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the XMP profile handling process. An attacker can cause a crash by providing a specially crafted image file that triggers the reading and printing of values from an invalid XMP profile. Remediation A fix was pushed int...

6.8CVSS5.8AI score0.00184EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.7 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the DestroyXMLTree function. An attacker can cause the application to exhaust stack memory and terminate unexpectedly by submitting an XML file with deeply nested structures. Remediation A fix was pushed into t...

8.7CVSS5.8AI score0.0051EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 5:8 p.m.5 views

Improper Encoding or Escaping of Output

Overview org.apache.logging.log4j:log4j-core is a logging library for Java. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the Log4j1XmlLayout plugin. An attacker can cause log events to be silently lost or downstream log processing systems to drop ...

7.7CVSS5.8AI score0.00535EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 11:8 p.m.13 views

Buffer Over-read

Overview Affected versions of this package are vulnerable to Buffer Over-read in the MatchDomainName function during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. An attacker can cause a crash by supplying a crafted hostname that exhausts the entire string, resulting ...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 9:31 p.m.6 views

Arbitrary Command Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the Bash.run method in metagpt/tools/libs/terminal.py. An attacker can execute arbitrary operating system commands by supplying crafted input remotely. Remediation A...

9.8CVSS7.7AI score0.02241EPSS
Exploits1References2
Rows per page
Query Builder