Lucene search
+L

800 matches found

Snyk
Snyk
added 2026/07/08 2:25 a.m.14 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the scp process. An attacker can cause files to be placed outside the intended directory by crafting a copy operation between two remote destinations. Remediation A fix was pushed into the master branch but n...

5.4CVSS6.1AI score0.00241EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 3:25 p.m.5 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the checksdpcrypto function due to an inverted boolean condition. An attacker can weaken the binding between DTLS certificates and SDP by intercepting and modifying WebRTC signaling...

6.3CVSS6.1AI score0.0015EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:19 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the connected-components when invalid arguments are provided. An attacker can cause the application to enter an infinite loop by supplying specially crafted input. Remediation A fi...

7.1CVSS6AI score0.0009EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:19 p.m.5 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to incorrect handling of arguments in the JP2 encoder. An attacker can cause a heap buffer over-write by supplying specially crafted arguments during image processing. Remediation A fix was pushed into the...

6.9CVSS6.1AI score0.00103EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 2:8 a.m.9 views

Improper Handling of Unicode Encoding

Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the checkServerIdentity function in lib/tls.js, which does not normalize an internationalized hostname to ASCII before matching it against certificate names. An attacker presenting a certificate...

7.7CVSS7.4AI score0.02486EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 2:8 a.m.20 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the WebCrypto cipher output length calculation in src/crypto/cryptoaes.cc, where datalen + blockSize + taglen is computed as a signed int before being passed to OpenSSL. An attacker can abort the proces...

8.7CVSS7.3AI score0.02806EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/21 5:11 p.m.7 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the storeAtts function. An attacker can cause memory corruption or potentially execute arbitrary code by providing specially crafted input that triggers the...

7.5CVSS6.2AI score0.00102EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/21 5:11 p.m.8 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the xmlwf process when the -d parameter is used to specify an output directory. An attacker can cause unintended behavior or potentially execute arbitrary code by providing a specially crafted output...

7.3CVSS6.2AI score0.00098EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/21 5:11 p.m.20 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the getAttributeId function. An attacker can cause memory corruption or execute arbitrary code by providing specially crafted input that triggers an integer overflow. Remediation A fix was pushed into...

7.5CVSS6.2AI score0.00102EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/21 5:11 p.m.7 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the copyString function. An attacker can cause memory corruption or potentially execute arbitrary code by providing specially crafted input that triggers the...

7.5CVSS6.2AI score0.00102EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/21 5:11 p.m.8 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the resolveSystemId function. An attacker can cause unexpected behavior or potentially execute arbitrary code by providing specially crafted input that triggers an integer overflow during processing...

7.5CVSS6.2AI score0.0011EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/21 5:9 p.m.7 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the endDoctypeDecl process when handling NOTATION declarations. An attacker can cause memory corruption or potentially execute arbitrary code by providing specially crafted XML input. Remediation A fix...

7.5CVSS6.2AI score0.0011EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 6:4 a.m.4 views

CVE-2026-55741 Cotonti CSRF in admin.config.php allows unauthorized configuration changes

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration configuration handler. In system/admin/admin.config.php, the configuration update action 'a=update' processes POST data via cotconfigupdateoptions without calling cotcheckxg to validate...

8.7CVSS6.1AI score0.00176EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/17 6:44 p.m.5 views

Unchecked Input for Loop Condition

Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition in the SSHMSGEXTINFO handler during the initial handshake process. An attacker can cause the client application to become unresponsive by sending a crafted extension count value that triggers an infini...

8.2CVSS7AI score0.00408EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/17 6:22 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of WebSocket message fragments. An attacker can cause unbounded memory growth and...

8.7CVSS5.9AI score0.00789EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 2:4 p.m.8 views

Insertion of Sensitive Information into Log File

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the error handling process for certain API and WebSocket routes, where unsanitized exception...

6.9CVSS5.8AI score0.00796EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/15 8:20 p.m.10 views

Buffer Overflow

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Buffer Overflow in the Buffer API. An attacker can cause application crashes or trigger incorrect memory...

9.8CVSS5.9AI score0.00253EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:13 p.m.10 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the ICON decoding. An attacker can cause a crash by providing a specially crafted ICON file that triggers an out-of-bounds heap write. Remediation A fix was pushed into the master branch but not yet published...

8.8CVSS5.3AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.9 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to improper handling of process termination signals in the timeout mechanism by using the catchable SIGALRM signal instead of the uncatchable SIGKILL signal. An attacker can cause resource...

7.1CVSS6AI score0.00268EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.7 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the Floyd-Steinberg dithering when handling images with a mask. An attacker can cause a negative heap buffer overwrite by supplying a specially crafted image file. Remediation A fix was pushed into the master bran...

6.8CVSS5.5AI score0.00103EPSS
Exploits0References2
Rows per page
Query Builder