Lucene search
K

13 matches found

Snyk
Snyk
added 2026/05/11 5:53 p.m.6 views

Deserialization of Untrusted Data

Overview torrentpier/torrentpier is a bull-powered BitTorrent tracker engine. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the deserialization process. An attacker can execute arbitrary code or read files by supplying crafted serialized data. Detai...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 2025/11/25 12:42 a.m.1 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the identity/groups endpoints. An attacker can gain unauthorized root-level permissions by adding a root policy to a group, thereby escalating their own or another user's privileges. Note: This is only...

7.5CVSS7AI score0.00315EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:46 a.m.4 views

CVE-2014-125110

A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfuajaxactioncallback of the file lib/wfuajaxactions.php. The manipulation leads to cross site scripting. The attack can be launched...

4CVSS5.9AI score0.00491EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/08 9:31 p.m.2 views

Access Control Bypass

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass in the authorization process. An attacker can gain limited unauthorized access by exploiting insufficient authorization checks with high privileges...

6.9CVSS6.9AI score0.00425EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/11 6:31 p.m.2 views

Access Control Bypass

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass that could allow a privileged attacker to escalate privileges. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9...

5.1CVSS6.9AI score0.00491EPSS
Exploits0References2
Snyk
Snyk
added 2024/10/10 12:31 p.m.1 views

Access Control Bypass

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass. A low-privileged attacker can bypass security measures and impact system integrity by exploiting this vulnerability without user interaction...

5.3CVSS6.8AI score0.00521EPSS
Exploits0References2
Snyk
Snyk
added 2024/10/10 12:31 p.m.4 views

Improper Input Validation

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Input Validation through the PHP filter chain. An attacker with administrative privileges can read files from the system outside of the intended directories and...

7.6CVSS6.9AI score0.00852EPSS
Exploits0References2
Snyk
Snyk
added 2024/10/10 12:31 p.m.1 views

Access Control Bypass

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass. A low-privileged attacker can bypass security measures and compromise data integrity by exploiting these settings. Remediation Upgrade...

6.9CVSS6.9AI score0.00626EPSS
Exploits0References2
Snyk
Snyk
added 2024/08/14 12:35 p.m.1 views

Command Injection

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Command Injection via improper neutralization of special elements. An admin attacker can execute arbitrary system commands by leveraging administrative privileges and...

9.3CVSS7.5AI score0.01529EPSS
Exploits0References2
Snyk
Snyk
added 2024/04/10 3:30 p.m.1 views

Improper Input Validation

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Input Validation due to improper input validation. An attacker can execute arbitrary code in the context of the current user by sending specially crafted input to...

9.5CVSS7.6AI score0.01418EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/17 12:0 a.m.7 views

PT-2023-29701 · Node.Js +1 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: Synchrony deobfuscator versions prior to 2.4.4 Description: A proto pollution vulnerability exists in the LiteralMap transformer, allowing crafted input to modify properties in the Object prototype. Successful exploitation could lead to...

8.1CVSS7.9AI score0.00415EPSS
Exploits1References13
Snyk
Snyk
added 2023/10/13 9:30 a.m.1 views

Improper Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization due to improper handling of authorization checks. An attacker can bypass security features and access unauthorized data without user interaction...

8.7CVSS6.9AI score0.00688EPSS
Exploits0References2
Snyk
Snyk
added 2023/06/15 9:30 p.m.2 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine due to the improper neutralization of special elements used in a template engine. An attacker can...

9.4CVSS7.8AI score0.01223EPSS
Exploits0References2
Rows per page
Query Builder