Lucene search
K

9 matches found

Snyk
Snyk
added 2026/04/02 9:28 a.m.6 views

Server-side Request Forgery (SSRF)

Overview a11y-mcp is a MCP server for performing accessibility audits on webpages Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the A11yServer function in index.js. An attacker can cause the server to initiate unintended requests to arbitrary resources b...

5.3CVSS6AI score0.0013EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 7:20 a.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to insufficient validation of user-supplied media URLs in the BedrockProxyChatModel function. An attacker can cause the server to send HTTP requests to unintended internal or external destinations by...

9.2CVSS5.9AI score0.00353EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.5 views

PT-2026-28324

Name of the Vulnerable Software and Affected Versions Spring AI versions 1.0.0 through 1.0.4 and 1.1.0 through 1.1.3 Description Spring AI's SimpleVectorStore component contains a SpEL injection flaw. This occurs when user-provided input is used as a filter expression key. A malicious actor can...

9.8CVSS6.1AI score0.00821EPSS
Exploits0References19
Snyk
Snyk
added 2026/03/13 8:56 p.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview simpleeval is an A simple, safe single expression evaluator library. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the evaluation when objects passed as names contain modules or other disallowed objec...

9.8CVSS6.1AI score0.00512EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.5 views

PT-2025-53890

Name of the Vulnerable Software and Affected Versions Inboxify versions prior to 1.0.5 Description The Inboxify Sign Up Form, specifically the inboxify-sign-up-form component, contains a flaw related to the handling of user-supplied data during web page creation. This can lead to the injection of...

5.9CVSS6.9AI score0.00172EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/03 6:51 a.m.9 views

WordPress DesignThemes LMS plugin <= 1.0.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by シルAsuna in WordPress Plugin DesignThemes LMS versions = 1.0.4...

9.8CVSS6.7AI score0.00322EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.5 views

PT-2025-46252

Name of the Vulnerable Software and Affected Versions WP Bootstrap Tabs versions prior to 1.0.5 Description The WP Bootstrap Tabs plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'bootstrap tab' shortcode. Insufficient input sanitization and output escaping of...

6.4CVSS5.2AI score0.00242EPSS
Exploits0References5
Snyk
Snyk
added 2024/10/24 6:30 p.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the file name. An attacker who can upload heic images is able to execute code on the remote server. Remediation Upgrade maestroerror/php-heic-to-jpg to version 1.0.5 or higher. References - GitHub Commit -...

9.8CVSS8.1AI score0.00961EPSS
Exploits1References2
Snyk
Snyk
added 2020/01/07 4:41 p.m.5 views

Command Injection

Overview aws-lambda is a command line tool deploy code to AWS Lambda. Affected versions of this package are vulnerable to Command Injection. The config.FunctioName is used to construct the argument used within the exec function without any sanitization. It is possible for a user to inject arbitra...

9.8CVSS7.5AI score0.01644EPSS
Exploits0References2
Rows per page
Query Builder