Lucene search
K

13 matches found

Snyk
Snyk
added 2026/05/11 9:20 p.m.4 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the logging process. An attacker can access sensitive information by obtaining the local sqlite database, which may contain file content that should have been...

6.8CVSS5.5AI score0.00106EPSS
Exploits0References2
NVD
NVD
added 2026/04/18 2:16 p.m.5 views

CVE-2026-40948

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

5.4CVSS0.00328EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/18 1:22 p.m.4 views

EUVD-2026-23676

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

5.7AI score0.00328EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/16 9:22 p.m.3 views

Path Equivalence

Overview rou3 is a Lightweight and fast router for JavaScript. Affected versions of this package are vulnerable to Path Equivalence due to insufficient preservation of empty segments. An attacker can bypass access restrictions and rate limits by sending requests with multiple slashes in the URL...

7.3CVSS6.8AI score
Exploits0References2
CVE
CVE
added 2025/11/25 7:48 p.m.38 views

CVE-2025-66016

CGGMP24 (ECDSA TSS) CVE-2025-66016 concerns a missing check in the ZK proof in CGGMP21 that could allow a single malicious signer to reconstruct the full private key. The issue is described across multiple sources: prior to version 0.6.3, the missing check enabled the attack; a patch exists in v0...

9.3CVSS6.3AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/01 6:28 a.m.2 views

External Control of File Name or Path

Overview dbgpt is a DB-GPT is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can beassured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...

9.1CVSS7AI score0.00593EPSS
Exploits1References2
Snyk
Snyk
added 2025/03/20 12:32 p.m.3 views

SQL Injection

Overview dbgpt is a DB-GPT is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can beassured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...

9.8CVSS7.9AI score0.00994EPSS
Exploits1References2
Snyk
Snyk
added 2025/01/27 6:42 p.m.5 views

Deserialization of Untrusted Data

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the hfmodelweightsiterator process due to the usage of the torch.load function with the weightsonly parameter...

8.8CVSS7.8AI score0.00694EPSS
Exploits0References2
OSV
OSV
added 2024/10/04 8:15 p.m.1 views

DEBIAN-CVE-2024-47764

cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...

6.9CVSS6.3AI score0.00749EPSS
Exploits0References1
OSV
OSV
added 2024/10/04 8:15 p.m.7 views

AZL-50085 CVE-2024-47764 affecting package js-jquery 3.5.0-4

cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...

6.9CVSS6.7AI score0.00749EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2023/11/10 6:56 p.m.7 views

CVE-2023-5950 Rapid7 Velociraptor Reflected XSS

This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. We want to thank Mathias Kujala for working with the Velociraptor team to identify and rectify this issue. It has been fixed as of Version 0.7.0-4, released November 6, 2023. CVSS · HIGH ·...

8.6CVSS6.2AI score0.00465EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/09/01 12:0 a.m.4 views

PT-2020-19697 · U Root · U-Root

Name of the Vulnerable Software and Affected Versions: github.com/u-root/u-root/pkg/tarutil versions prior to 0.7.0 Description: The issue affects the tar file extraction in the github.com/u-root/u-root/pkg/tarutil package, making it vulnerable to both leading and non-leading relative path...

7.5CVSS7.9AI score0.0183EPSS
Exploits1References8
Snyk
Snyk
added 2017/07/30 5:29 p.m.1 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service assertion failure and application exit via a '!2' string. Details Denial of...

7.5CVSS5.8AI score0.02249EPSS
Exploits1References2
Rows per page
Query Builder