Lucene search
K

6 matches found

Snyk
Snyk
added 2026/06/02 10:22 p.m.8 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the turbo-stream component in in Framework Mode. An attacker can execute arbitrary code on the remote server by sending specially crafted external requests that exploit an existing prototype polluti...

9.2CVSS6.1AI score0.00416EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/22 10:50 p.m.2 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of JWT authentication middleware and RBAC authorization checks in the routing configuration for /api/v1/jobs endpoint. An attacker can view, update, and delete jobs by sending...

9.8CVSS5.6AI score0.00713EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/08 8:48 p.m.4 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the resolvePath function when used with navigate, , or redirect. An attacker can cause the application to redirect users to external, potentially malicious URLs by supplying crafted paths. Note: This is only exploitabl...

7.1CVSS6.7AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/13 7:59 p.m.3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the isSensitiveSpec function which calls grpcomni.CreateResource without checking if the resource's metadata field is nil. An attacker can cause a server crash and disrupt service availability by sending emp...

7.5CVSS7AI score0.0053EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/17 7:21 p.m.1 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

9.1CVSS6.8AI score0.00361EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2021/06/07 12:0 a.m.447 views

OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 - Remote Code Execution (Authenticated)

Exploit Title: OptiLink ONT1GEW GPON 2.1.11X101 Build 1127.190306 - Remote Code Execution Authenticated Date: 23/03/2021 Exploit Authors: Developed by SecNigma and Amal. Vendor Homepage: https://optilinknetwork.com/ Version: ONT1GEW V2.1.11X101 Build.1127.190306 Mitigation: Ask the vendor to issu...

7.4AI score
Exploits0
Rows per page
Query Builder