Lucene search
K

19 matches found

Snyk
Snyk
added 2026/05/29 6:8 p.m.9 views

Protection Mechanism Failure

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Protection Mechanism Failure through the NodeVM builtin wildcard expansion in lib/builtin.js. An attacker can load Node’s private...

9.3CVSS5.9AI score0.00282EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/21 8:34 p.m.15 views

Incorrect Authorization

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Incorrect Authorization via the OAuthTokenStrategy in the authentication component. An attacker can access endpoints reserved for other token types or privileged users by presenting an OAuth token to routes that accep...

7.4CVSS5.8AI score0.00151EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 3:42 a.m.9 views

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error via the establishproxyconnection function. An attacker can corrupt stack memory by sending a specially crafted HTTP proxy response line of 1023 or more bytes without a newline terminator, potentially leading to...

5.9CVSS5.8AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 5:22 p.m.10 views

Improper Validation of Syntactic Correctness of Input

Overview org.apache.tomcat:coyote is a maven plugin for Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the processing of HTTP/2 request headers. An attacker can cause unexpected behavior or potentiall...

9.8CVSS5.8AI score0.01339EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 9:26 a.m.9 views

Origin Validation Error

Overview org.webjars.npm:thrift is a lightweight, language-independent software stack with an associated code generation mechanism for point-to-point RPC. Affected versions of this package are vulnerable to Origin Validation Error in the webserver.js component. An attacker can access unauthorized...

8.6CVSS5.9AI score0.00394EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/21 8:0 p.m.5 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the cryptographic algorithm implementation. An attacker can compromise the confidentiality of sensitive information by exploiting weak or insufficient cryptographic algorithms...

2.9CVSS7.2AI score0.00124EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 3:11 p.m.5 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the profiling.sampling module of asyncio introspection capabilities feature when a privileged process connects to a malicious process via the remote debugging tool. An attacker can read and write memory...

6CVSS6AI score0.00132EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 7:17 p.m.9 views

Deserialization of Untrusted Data

Overview praisonai is a PraisonAI TypeScript AI Agents Framework - Node.js, npm, and Javascript AI Agents Framework Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the YAML deserialization in the loadAgentFromFile function. An attacker can execute...

9.8CVSS6.2AI score0.0058EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 2:36 a.m.2 views

Missing Authorization

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Missing Authorization in the select-usb-device event callback, which did not validate the chosen device ID...

5.4CVSS5.8AI score0.00162EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/02 9:0 p.m.5 views

Incorrect Authorization

Overview @openclaw/matrix is an OpenClaw Matrix channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the process that fetches thread root and reply context, which bypasses the sender allowlist. An attacker can gain unauthorized access to message threads by...

6.5CVSS5.9AI score0.00157EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/18 8:11 p.m.4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function through the WebSocket message handler in kernel/server/serve.go. An attacker can crash the kernel process and disrupt service availability by sending malformed JSON over an unauthenticated...

8.7CVSS6.4AI score0.00497EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/10 6:24 p.m.1 views

Authorization Bypass Through User-Controlled Key

Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the number parameter in the cart loading process. An attacker can gain unauthorized access to and modify another user's shopping cart by...

6.3CVSS5.7AI score0.00284EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/02 4:9 p.m.4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ttvarloaditemvariationstore function when processing HVAR, VVAR, or MVAR tables in OpenType variable fonts. An attacker can access sensitive information or cause a crash by enticing a user to open a specially...

5.3CVSS7.7AI score0.00141EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/30 3:31 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the getParameterNames function. An attacker can cause an OutOfMemoryError by sending requests with...

8.7CVSS5.6AI score0.00575EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/26 10:44 p.m.1 views

Uncontrolled Recursion

Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Uncontrolled Recursion via the fromDer function in asn1.js, which lacks recursion depth. An attacker can cause stack exhaustion and disrupt service availability by submitting...

8.7CVSS6.7AI score0.00373EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/25 2:41 p.m.3 views

Integer Overflow to Buffer Overflow

Overview Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow via the PSD Image Decoding functionality. An attacker can execute arbitrary code by supplying a specially crafted .psd file that triggers an integer overflow during stride calculation, leading to a...

8.8CVSS7.9AI score0.00636EPSS
Exploits1References2
Snyk
Snyk
added 2025/08/04 12:0 a.m.3 views

Expired Pointer Dereference

Overview Affected versions of this package are vulnerable to Expired Pointer Dereference in the parsing process of xsl nodes. An attacker can cause the application to crash by triggering the dereference of expired pointers after memory has been freed. Remediation A fix was pushed into the master...

6.8CVSS6.9AI score0.00161EPSS
Exploits0References2
Snyk
Snyk
added 2024/10/02 2:40 p.m.4 views

Improper Handling of Unicode Encoding

Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding via the command line argument processing. An attacker can manipulate command line inputs to inject unintended arguments or traverse directories by providing malicious filenames containing Unicode...

6.9CVSS5.8AI score0.00725EPSS
Exploits0References2
Snyk
Snyk
added 2024/02/29 8:46 p.m.3 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to the improper handling of objects in memory by the std::sharedcount function. An attacker can cause a denial of service by crafting a malicious input. PoC c git clone https://github.com/qpdf/qpdf cd qpdf...

7.5CVSS6.8AI score0.00436EPSS
Exploits1References2
Rows per page
Query Builder