Lucene search
K

16 matches found

Snyk
Snyk
added 2026/06/17 6:35 p.m.6 views

LDAP Injection

Overview org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to LDAP Injection in the DefaultLdapRealm class. An attacker can bypass...

9.1CVSS5.9AI score0.00494EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/26 4:56 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the improper enforcement of access controls in the ReadAll and GetTaskAttachment processes. An attacker can gain unauthorized access to and delete file attachments across all...

9.3CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/25 9:17 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the DownloadImage function when processing user avatar URLs from OpenID Connect authentication. An attacker can cause the server to make arbitrary HTTP requests to internal or cloud metadata endpoint...

7.4CVSS6.5AI score0.00395EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/25 9:17 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the ReadOne process. An attacker can gain unauthorized access to and delete files belonging to other users by supplying their own accessible task ID along with a target attachment...

8.6CVSS6.4AI score0.00265EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/25 9:14 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the DownloadFile and DownloadFileWithHeaders functions. An attacker can cause the server to make arbitrary HTTP requests to internal network resources by supplying crafted URLs during the migration...

6.4CVSS6.5AI score0.00272EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/25 9:14 p.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the DownloadFile and DownloadFileWithHeaders functions. An attacker can cause the server to make arbitrary HTTP requests to internal network resources by supplying crafted URLs during the migration...

6.4CVSS6AI score0.00272EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/09 10:21 p.m.2 views

Missing Authentication for Critical Function

Overview frosh/adminer-platform is an Adminer for Shopware Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the Adminer route configuration, which does not enforce session validation. An attacker can gain unauthorized access to sensitive...

6.9CVSS5.6AI score0.00362EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/02 6:35 a.m.0 views

Race Condition

Overview lifx-async is an A modern, type-safe, async Python library for controlling LIFX lights Affected versions of this package are vulnerable to Race Condition due to improper synchronization in concurrent request handling within the network module. The package fails to implement adequate...

8.3CVSS7AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/18 2:54 p.m.4 views

Security Bulletin: Buffer Over-read in PostgreSQL GB18030 Encoding Validation Leading to Potential DoS , affects watsonx.data

Summary Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9,...

5.9CVSS5.9AI score0.00612EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2025/09/10 5:59 p.m.2 views

Memory Allocation with Excessive Size Value

Overview isc.org/stork/backend/server/restservice is an open source ISC project providing a monitoring application and dashboard for ISC Kea DHCP and eventually ISC BIND 9. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the http.Handler functio...

8.7CVSS7AI score0.0041EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/29 2:39 p.m.4 views

Security Bulletin: Logrus is vulnerable to a denial of service, caused by a flaw in the bufio.Scanner log writer., which affects IBM watsonx.data

Summary Logrus is vulnerable to a denial of service, caused by a flaw in the bufio.Scanner log writer. By logging more than 64kb of data in a single entry without newlines, a local attacker could exploit this vulnerability to cause a denial of service. These can affect watsonx.data. Vulnerability...

6.3AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/29 2:36 p.m.10 views

Security Bulletin: VInsecure Default Permissions in Apache Hadoop's RunJar.run() Expose Sensitive Data in Shared Temporary Directory, which affects IBM watsonx.data

Summary Apache Hadoop's RunJar.run does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content. This is because, on unix-like systems, the system temporary directory is shared between all...

6.2CVSS6.1AI score0.00384EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2025/07/24 10:45 p.m.2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the getLast API when processing user-supplied table names. An attacker can execute arbitrary SQL statements on the underlying database by sending crafted API requests, potentially resulting in data theft, corruption,...

9.8CVSS8.3AI score0.0076EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.3 views

SUSE CVE-2020-15210

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b a...

6.5CVSS6.4AI score0.00729EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/09/25 12:0 a.m.3 views

PT-2020-14283 · Google · Tensorflow Lite

Name of the Vulnerable Software and Affected Versions: TensorFlow Lite versions prior to 2.2.1 TensorFlow Lite versions prior to 2.3.1 Description: The issue allows models using segment sum to trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment...

9.1CVSS8.7AI score0.0061EPSS
Exploits1References17
Positive Technologies
Positive Technologies
added 2020/09/25 12:0 a.m.1 views

PT-2020-14263 · Google +1 · Tensorflow +1

Name of the Vulnerable Software and Affected Versions: Tensorflow versions prior to 2.2.1 Tensorflow versions prior to 2.3.1 Description: The issue occurs when a user passes a list of strings to dlpack.to dlpack, resulting in a memory leak following an expected validation failure. This happens...

9.8CVSS5.8AI score0.01235EPSS
Exploits16References68
Rows per page
Query Builder