15 matches found

Snyk
added 2026/04/14 6:48 p.m., 5 views

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion via the FX expression parser. An attacker can cause the application to crash by supplying a deeply nested expression. Remediation: A fix was pushed into the master branch but not yet published. References: GitHub...

CVSS 6.8 | AI score 5.7 | EPSS 0.00144
Exploits 0 | References 2
Snyk
added 2026/04/13 10:11 p.m., 6 views

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion in the DestroyXMLTree function. An attacker can cause the application to exhaust stack memory and terminate unexpectedly by submitting an XML file with deeply nested structures. Remediation: A fix was pushed into t...

CVSS 8.7 | AI score 5.8 | EPSS 0.0051
Exploits 0 | References 2
Snyk
added 2026/04/09 11:08 p.m., 7 views

Buffer Over-read

Overview: Affected versions of this package are vulnerable to Buffer Over-read in the MatchDomainName function during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. An attacker can cause a crash by supplying a crafted hostname that exhausts the entire string, resulting ...

CVSS 5.3 | AI score 5.9 | EPSS 0.00228
Exploits 0 | References 2
Snyk
added 2026/04/06 11:06 p.m., 4 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the dolayersurface process when pixel index values from decoded XCF tile data are used directly as colormap indices without validation against the colormap size. An attacker can cause heap out-of-bounds reads and...

CVSS 7.1 | AI score 7 | EPSS 0.00262
Exploits 0 | References 2
Snyk
added 2026/04/03 10:21 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: prompts.chat is a developer toolkit for AI prompts (build, validate, parse, and connect to prompts.chat). Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the Wiro media-generate plugin. An attacker can access internal network resources and exfiltra...

CVSS 5.3 | AI score 5.8 | EPSS 0.00195
Exploits 0 | References 2
Snyk
added 2026/03/12 8:41 p.m., 5 views

Use of Uninitialized Resource

Overview: Affected versions of this package are vulnerable to Use of Uninitialized Resource in the zipfileInflate function of the zipfile extension. An attacker can access sensitive heap memory contents by supplying a specially crafted ZIP file. Remediation: Upgrade sqlite3 to version 3.51.3 or...

CVSS 7.5 | AI score 6 | EPSS 0.00301
Exploits 1 | References 2
Snyk
added 2026/03/04 10:59 p.m., 2 views

XML Entity Expansion (Billion Laughs)

Overview: Affected versions of this package are vulnerable to XML Entity Expansion (Billion Laughs) when parsing custom XML entities in a DOCTYPE. An attacker can cause the application to consume excessive memory by submitting malicious SVG files containing recursive entity references. Workaround: F...

CVSS 8.7 | AI score 5.8 | EPSS 0.00612
Exploits 1 | References 2
Snyk
added 2026/02/06 3:46 a.m., 3 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the identityTriggerType function in the pfcpreports.go file. An attacker can cause a denial of service by sending specially crafted requests that trigger a null pointer dereference. Remediation: Upgrade...

CVSS 7.5 | AI score 6.1 | EPSS 0.00526
Exploits 1 | References 2
Snyk
added 2026/01/27 12:00 a.m., 5 views

CRLF Injection

Overview: Affected versions of this package are vulnerable to CRLF Injection via the Host header processing when an HTTP proxy is configured. An attacker can cause unintended or unauthorized HTTP requests to be forwarded by injecting additional HTTP headers or request bodies by supplying specially...

CVSS 6.1 | AI score 6 | EPSS 0.00312
Exploits 1 | References 2
Snyk
added 2025/11/26 10:43 p.m., 1 view

Integer Overflow or Wraparound

Overview: org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the derToOid function in the asn1.js file, which decodes ASN.1 structures containing OIDs with oversized arcs. An attacker can bypass security...

CVSS 6.3 | AI score 6.4 | EPSS 0.00276
Exploits 0 | References 2
Snyk
added 2025/09/21 9:41 a.m., 4 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to an improper fix for CVE-2025-6507. An attacker can execute arbitrary code and access unauthorized system files by injecting malicious parameters that bypass regular expression filters by adding...

CVSS 9.8 | AI score 9.6 | EPSS 0.12993
Exploits 1 | References 2
Snyk
added 2025/09/17 6:39 p.m., 1 view

Relative Path Traversal

Overview: Affected versions of this package are vulnerable to Relative Path Traversal due to improper validation of user-supplied paths in router.go. An attacker can access sensitive files on the server by crafting requests with directory traversal sequences in the URL path. Remediation: A fix was...

CVSS 8.7 | AI score 6.5 | EPSS 0.01527
Exploits 0 | References 2
Snyk
added 2025/07/12 7:42 a.m., 4 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the SplitRTR function in the rtr.go file, which allows access to data without checking the input length. An attacker can cause a denial of service by sending specially crafted input. Remediation: Upgrade...

CVSS 6.3 | AI score 4.5 | EPSS 0.00406
Exploits 0 | References 2
Snyk
added 2025/07/08 12:00 a.m., 3 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write via the gdkpixbuf process. An attacker can cause a denial of service by sending specially crafted image files that trigger a heap buffer overflow. Remediation: Upgrade gdk-pixbuf to version 2.44.4 or higher. Reference...

CVSS 8.7 | AI score 7.5 | EPSS 0.01051
Exploits 0 | References 2
Snyk
added 2025/03/27 1:46 p.m., 1 view

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the PackLinuxElf64::unDTINIT function in plxelf.cpp. An attacker can trigger a segfault with malicious input. Remediation: A fix was pushed into the master branch but not yet published. References: GitHub...

CVSS 5.5 | AI score 6.9 | EPSS 0.00274
Exploits 1 | References 2