Lucene search
K

11 matches found

Snyk
Snyk
added 2026/05/04 7:46 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the io.Copy process that handles binary import requests. An attacker can exhaust disk space on the host system by continuously streaming large amounts of data to the affected...

5.3CVSS5.8AI score0.00333EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 7:44 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...

5.3CVSS5.8AI score0.00269EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 7:38 p.m.5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference through the UploadAllFiles process. An attacker can cause the daemon to crash by importing a truncated or malformed backup archive that triggers a nil-pointer dereference during tar file iteration. Remediation...

7.1CVSS5.8AI score0.00394EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 5:45 p.m.5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateCustomVolumeFromBackup process. An attacker can cause the daemon to crash by importing a crafted backup archive containing a null entry in the volumesnapshots array, which leads to a nil-pointer...

7.1CVSS5.8AI score0.00299EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 5:40 p.m.5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...

7.1CVSS5.8AI score0.00398EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.9 views

PT-2026-36995

Name of the Vulnerable Software and Affected Versions lxc versions prior to 7.0.0 Description A logic flaw in the find line function of the lxc-user-nic setuid helper allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When scanning the NIC database to...

6.5CVSS5.8AI score0.00162EPSS
Exploits1References18
Snyk
Snyk
added 2026/03/24 10:16 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Scriban.Signed is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Affected versions of this package are vulnerable to Allocation of Resources Without...

7.1CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2025/05/30 3:30 p.m.4 views

Incorrect Authorization

Overview org.wso2.is:identity-server-parent is an open source Identity and Access Management solution federating and managing identities across both enterprise and cloud service environments. Affected versions of this package are vulnerable to Incorrect Authorization due to a business logic flaw ...

5.4CVSS6.8AI score0.00594EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/24 12:0 a.m.6 views

PT-2024-14253 · Airflow · Airflow

Name of the Vulnerable Software and Affected Versions: Airflow versions 5.2.0 through 6.x Airflow versions 2.3.0 through 2.6.0 Description: The Airflow worker serializes a Kubernetes configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption...

6.5CVSS7.2AI score0.00381EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2022/06/27 12:0 a.m.4 views

PT-2022-15277 · Parse-Url · Url-Parse

Name of the Vulnerable Software and Affected Versions: parse-url versions prior to 7.0.0 Description: The issue is related to Server-Side Request Forgery SSRF in the parse-url repository. This allows for the exploitation of parse URL to read local files. Recommendations: For versions prior to...

9.8CVSS8.9AI score0.01533EPSS
Exploits1References9
Snyk
Snyk
added 2021/01/19 2:35 p.m.4 views

Server-side Request Forgery (SSRF)

Overview github.com/thecodingmachine/gotenberg is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as...

6.1CVSS6.8AI score0.01053EPSS
Exploits1References2
Rows per page
Query Builder