
Snyk · added 2026/06/08 11:16 p.m. · 5 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the bz2.BZ2Decompressor objects. An attacker can cause out-of-bounds writes to a stack buffer by reusing a decompressor object after a decompression error and providing crafted input. This can result in...

CVSS 8.2 | AI score 5.5 | EPSS 0.00376
Exploits: 0 | References: 2
Snyk · added 2026/05/12 12:00 a.m. · 5 views

Arbitrary Code Injection

Overview llm is a CLI utility and Python library for interacting with Large Language Models from organizations like OpenAI, Anthropic and Gemini plus local models installed on your own machine. Affected versions of this package are vulnerable to Arbitrary Code Injection via the --functions...

CVSS 9.8 | AI score 6.2 | EPSS 0.00327
Exploits: 0 | References: 2
Snyk · added 2025/12/23 9:51 p.m. · 3 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the parsing of dimension names. An attacker can achieve arbitrary code execution by enticing a user to open a specially crafted file or visit a malicious page, which leads to improper validation of...

CVSS 8.5 | AI score 7.5 | EPSS 0.00306
Exploits: 0 | References: 2
Snyk · added 2025/12/09 5:17 p.m. · 1 view

Protection Mechanism Failure

Overview mad-proxy is a lightweight HTTP/HTTPS interception proxy with a real-time traffic firewall and domain blocking. Affected versions of this package are vulnerable to Protection Mechanism Failure via HTTP/HTTPS traffic. An attacker can access sensitive traffic by bypassing established...

CVSS 6.9 | AI score 6.7 | EPSS 0.00208
Exploits: 0 | References: 2
Snyk · added 2025/12/08 10:20 p.m. · 2 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference affecting VerifyVoteExtension and vote verification functions. An attacker can cause intermittent validator panics and disrupt consensus operations by submitting a VoteExtension message with the blockhash field...

CVSS 8.7 | AI score 7
Exploits: 0 | References: 2
Snyk · added 2025/03/20 12:32 p.m. · 3 views

Synchronous Access of Remote Resource without Timeout

Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Synchronous Access of Remote Resource without Timeout by using the option for connecting to an external filesystem via the sshfs-client. An attacker can cause the...

CVSS 8.2 | AI score 7 | EPSS 0.00442
Exploits: 1 | References: 2
Snyk · added 2022/07/10 2:34 p.m. · 4 views

HTTP Request Smuggling

Overview llhttp is a set of Ruby bindings for llhttp. Affected versions of this package are vulnerable to HTTP Request Smuggling when the llhttp parser in the http module does not adequately delimit HTTP requests with CRLF sequences. Remediation: There is no fixed version for llhttp. References -...

CVSS 6.8 | AI score 7 | EPSS 0.77278
Exploits: 1 | References: 2
Snyk · added 2022/05/18 9:28 a.m. · 2 views

Inadequate Encryption Strength

Overview randompasswordgenerator generates a random password with various useful options. Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of Kernelrand to generate passwords, which, as a result of its cyclic nature, can facilitate password...

CVSS 7.5 | AI score 7 | EPSS 0.01705
Exploits: 1 | References: 2
Snyk · added 2022/03/11 11:34 a.m. · 2 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free via the component sixelchunkdestroy at /root/libsixel/src/chunk.c. Remediation: There is no fixed version for libsixel. References - GitHub Issue...

CVSS 9.8 | AI score 6.9
Exploits: 0 | References: 2
Snyk · added 2020/12/11 3:41 p.m. · 1 view

Command Injection

Overview lycwed-spritesheetjs is a command-line spritesheet (a.k.a. Texture Atlas) generator written in Node.js. Affected versions of this package are vulnerable to Command Injection. PoC: var spritesheet = require("lycwed-spritesheetjs"); spritesheet("./", { fuzz: "& touch 111233 ", ext: "json" }, functio...

CVSS 7.3 | AI score 6.8
Exploits: 0 | References: 2
Snyk · added 2020/06/15 7:44 a.m. · 4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection: a malicious user could inject commands through the data variable. Affected Area: require('../server/getJsonByCurl')(mock2easy, function (error, stdout) { if (error) return res.json(500, error); res.json(JSON.parse(stdout)); }, '',...

CVSS 9.8 | AI score 7.2 | EPSS 0.02044
Exploits: 1 | References: 2