Lucene search
K

41 matches found

Snyk
Snyk
added 6 days ago5 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the parsing process of a tar archive containing a PAX extended header with a malformed SUN.holesdata sparse-file attribute. An attacker can cause a heap overflow and out-of-bounds read by supplying a...

3.9CVSS6.3AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 9:59 p.m.11 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the handleTokenExchange function. An attacker can gain unauthorized access to restricted resources by exploiting the lack of enforcement of allowed connectors when exchanging tokens. This is only exploitable i...

8.7CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/05/14 3:22 p.m.9 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the pgcreatesubscriber process. An attacker can execute arbitrary SQL commands with superuser privileges by supplying a crafted subscription name. Remediation A fix was pushed into the master branch but not yet...

7.2CVSS6.1AI score0.00287EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 3:22 p.m.14 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via integer wraparound in the allocation process. An attacker can execute arbitrary code or cause a segmentation fault by providing specially crafted, large-scale inputs to database functions. Remediation...

8.8CVSS7.7AI score0.00668EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 7:7 p.m.7 views

Arbitrary Code Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Arbitrary Code Injection through the autoEvalCodeOnHTML process. An attacker can execute arbitrary JavaScript code in the browser context of any logged-in user by...

7.2CVSS6.1AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 12:26 p.m.8 views

Interpretation Conflict

Overview org.webjars.npm:fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict during the decoding of URL host component. An attacker can manipulate the authority component of a URI by supplying percent-encoded delimiters,...

8.7CVSS5.8AI score0.00475EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/23 3:7 p.m.5 views

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization of inline in the BaseCookie.jsoutput function. An attacker can inject arbitrary script content by supplying specially crafted input containing HTML parser-sensitive sequences. Remediation A fix was pushed into th...

6.8CVSS5.6AI score0.00229EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/14 6:51 p.m.6 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the JP2 encoder when an invalid sampling index is specified. An attacker can cause a denial of service by providing a specially crafted input file. Remediation A fix was pushed into the master branch but not yet...

6.8CVSS5.7AI score0.00189EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/09 7:10 p.m.3 views

Incomplete List of Disallowed Inputs

Overview org.webjars.npm:unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the hasDangerousProtocol function though the usage of HtmlEntityHex and HtmlEntityDec RegExp. An attacker can inject malicio...

6.1CVSS5.8AI score0.00285EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 7:10 p.m.3 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the client monitoring message handler due to insufficient validation of the queue name supplied by the client. An attacker can execute arbitrary code on the server by sending a crafted...

8.5CVSS6.2AI score0.0046EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 10:7 a.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the doCertificateUpdate handler in certificates.go. An attacker can change the type of an existing certificate by sending a certificate update reques...

9.6CVSS5.4AI score0.00274EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 6:30 a.m.8 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview mcp-server-taskwarrior is a MCP server for taskwarrior Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the server.setRequestHandler function. An attacker can execute arbitrary command...

5.3CVSS6AI score0.00647EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/09 1:23 a.m.7 views

CVE-2026-22711

Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension allows Cross-Site Scripting XSS.The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45...

6.9CVSS5.8AI score0.00293EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/04 6:16 a.m.1 views

Information Exposure

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Information Exposure via the install/test.php script when the command-line interface guard is disabled. An attacker can access sensitive information such as viewer...

6.9CVSS5.8AI score0.00332EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/01 12:0 a.m.6 views

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard in the mbedtlssslconfsigalgs function. An attacker can reduce the security strength of cryptographic operations by forcing the use of weaker algorithms, which may result in information...

6.9CVSS5.8AI score0.00135EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 11:50 p.m.5 views

Replay Attack

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Replay Attack in the webhook-security.ts process. An attacker can bypass replay protection by capturing a valid signed webhook and resending it with reordered query parameters, there...

8.2CVSS5.9AI score0.00149EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 8:10 p.m.3 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write while decoding header names. An attacker can achieve memory corruption and potentially execute arbitrary code by sending specially crafted event-stream messages to a client application. Remediation A fix was pushed...

7.7CVSS6.1AI score0.00376EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/23 12:0 a.m.204 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the processing of XCOFF object files due to improper validation of relocation type values. An attacker can cause application crashes or access unintended memory contents by supplying a specially crafted XCOFF file ...

6.9CVSS5.9AI score0.00168EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/19 6:51 p.m.4 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the wolfSSLd2iSSLSESSION function when deserializing session data with the SESSIONCERTS option enabled. An attacker can corrupt heap memory and potentially execute arbitrary code or cause a crash by supplyi...

8.1CVSS6.2AI score0.00123EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/17 8:33 p.m.54 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the proxy.php endpoint when handling HTTP redirects without re-validating the redirect target. An attacker can access internal...

8.7CVSS5.8AI score0.00453EPSS
Exploits1References2
Rows per page
Query Builder