Lucene search
K

14 matches found

EUVD
EUVD
added 4 days ago9 views

EUVD-2026-37813

Steeltoe's sensitive actuators heapdump/env only require Restricted permission...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/18 12:20 a.m.5 views

Exposure of Resource to Wrong Sphere

Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the TokenKeyResolver function. An attacker can bypass authentication and gain unauthorized access by exploiting the shared static JWKS cache across multiple schemes, allowing a key fetched for one...

7.4CVSS5.9AI score0.0029EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:15 p.m.9 views

Inefficient Algorithmic Complexity

Overview org.webjars.npm:js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the storeMappingPair function in loader.js when handling repeated aliases in merge sequences. An attacker can exhaust CPU...

6.9CVSS5.9AI score0.00259EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/15 5:15 p.m.9 views

Inefficient Algorithmic Complexity

Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the storeMappingPair function in loader.js when handling repeated aliases in merge sequences. An attacker can exhaust CPU resources and...

6.9CVSS5.3AI score0.00259EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/19 8:10 p.m.13 views

Allocation of Resources Without Limits or Throttling

Overview sqlfluff is a The SQL Linter for Humans Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Parser, ParseContext, and Rust parser match-tree handling in the parser components. An attacker can force excessive parse-tree grow...

8.7CVSS5.9AI score0.00263EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/05 6:20 p.m.8 views

Security Bulletin: IBM Data Studio client - CVE-2023-30441

Summary IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks - Has been fixed in IBM Data Studio client 4.2.0. IBM strongly recommends addressing the vulnerability now by upgrading to release 4.2.0 Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment,...

7.5CVSS5.9AI score0.00609EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/02/19 7:32 p.m.4 views

Improper Encoding or Escaping of Output

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the appearanceState property of the AcroForm module. An attacker can execute arbitrary JavaScript code in the context of the PDF viewer by...

8.6CVSS6AI score0.0043EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/08 10:20 p.m.3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference affecting VerifyVoteExtension and vote verification functions. An attacker can cause intermittent validator panics and disrupt consensus operations by submitting a VoteExtension message with the blockhash field...

8.7CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/11/26 9:40 a.m.2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the processing of delete column statistics requests through the HMS Thrift APIs. An attacker can execute arbitrary SQL commands by sending specially crafted requests to the affected API endpoints. This is only...

7.5CVSS8.3AI score0.00343EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.5 views

PT-2025-48132

Name of the Vulnerable Software and Affected Versions Apache Hive versions 4.1.0 through 4.2.0 Description A SQL injection issue exists in the Hive Metastore Server HMS when handling delete column statistics requests through the Thrift APIs. This issue is exploitable only by authorized users or...

5.4CVSS7.7AI score0.00343EPSS
Exploits0References10
PyPA
PyPA
added 2024/06/11 10:15 p.m.8 views

PYSEC-2024-236

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting XSS issue. The /proxy endpoint accepts a host path segmen...

9.6CVSS5.8AI score0.00442EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/03/01 12:0 a.m.7 views

PT-2022-17501 · Mautic · Mautic

Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 3.3.5 Mautic versions prior to 4.2.0 Description: The default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. However, th...

9.1CVSS7.2AI score0.00502EPSS
Exploits0References7
Snyk
Snyk
added 2021/03/08 10:19 a.m.1 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. GET /checkout/shippingrates crashes the server when checkout step has already advanced from Delivery step using the web. Server crashes and needs to be restarted. Details Denial of Service DoS describes a family o...

7.5CVSS7.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/11/21 12:0 a.m.4 views

PT-2019-14701 · Jenkins · Jenkins Google Compute Engine Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Google Compute Engine Plugin versions 4.1.1 and earlier Description: The issue allows man-in-the-middle attacks due to the lack of SSH host key verification when connecting agents created by the plugin. This enables potential attacker...

5.9CVSS5.6AI score0.00868EPSS
Exploits0References5
Rows per page
Query Builder