Lucene search
K

230 matches found

Snyk
Snyk
added 2026/07/08 10:38 p.m.5 views

Improper Authentication

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authentication in the parser fast path for inter-server connections, which applies a...

8.8CVSS6.1AI score0.00368EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:1 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the GET /api/oauth/email/bind and GET /api/oauth/wechat/bind endpoints. An attacker can alter account binding state by tricking a logged-in user into visiting a crafted link, potentially allowing the...

6CVSS5.9AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:1 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00437EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 7:5 p.m.3 views

CVE-2026-13760 OS Command Injection in aws-cdk-lib Docker Bundling

OS command injection in the NodejsFunction Docker bundling pipeline OsCommand helper in AWS aws-cdk-lib on all platforms might allow a actor who controls dependency version strings in a project's package.json file to execute arbitrary commands on the host running the CDK toolchain via injected...

7CVSS6.2AI score0.0061EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 10:51 a.m.4 views

Security Bulletin: IBM WebSphere eXtremes Scale is affected by uncontrolled resource consumption when XDF is enabled

Summary IBM WebSphere eXtremes Scale is affected by uncontrolled resource consumption when XDF is enabled CVE-2026-9002 Vulnerability Details CVEID:CVE-2026-9002 DESCRIPTION: IBM WebSphere eXtreme Scale could allow an adjacent attacker to cause a denial of service due to improper validation in th...

6.5CVSS5.8AI score0.00269EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/06/24 3:18 p.m.5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing permission checks in the process responsible for handling Contrast metadata. An attacker can enumerate the names of configured Contrast metadata by leveraging Overall/Read permission. Remediation...

5.4CVSS6AI score0.00167EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 9:22 p.m.15 views

Server-side Request Forgery (SSRF)

Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the JDKFromStringDeserializer class,...

6.9CVSS5.8AI score0.00219EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 8:47 p.m.7 views

Insufficient Verification of Data Authenticity

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity...

9.1CVSS5.9AI score0.00178EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/18 5:9 a.m.8 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the shell inline-command parsing process. An attacker can execute unauthorized shell commands by crafting command requests that bypass the intended allowlist...

8.1CVSS6AI score0.0026EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 5:34 p.m.8 views

Reachable Assertion

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Reachable Assertion via the resolveobjbyqualname function. An attacker can execute arbitrary code by publishing a malicious model with a crafted...

7.5CVSS6.2AI score0.00484EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/12 7:9 p.m.6 views

Deserialization of Untrusted Data

Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into...

9.3CVSS6.1AI score0.00215EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 9:11 p.m.6 views

Security Bulletin: The Apache Commons Lang library that is shipped with IBM ApplinX is vulnerable to an Uncontrolled Recursion vulnerability (CVE-2025-48924).

Summary The Apache Commons Lang library that is shipped with IBM ApplinX is vulnerable to an Uncontrolled Recursion vulnerability CVE-2025-48924. The version of the Apache Commons Lang library that is shipped with IBM ApplinX has been updated in order to address the vulnerability. Vulnerability...

5.3CVSS6.2AI score0.02164EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/06/11 12:0 a.m.7 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...

8.8CVSS6.5AI score0.00423EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 7:22 p.m.4 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ValidatePodSpecSafety and ValidateContainerSafety processes. An attacker can gain elevated privileges and modify the system clock across tenant boundaries by adding CAPSYSTIME to the...

8.5CVSS5.8AI score0.00274EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 8:31 p.m.10 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the handling of raw data arguments in IMAP commands id and enable. An attacker can inject arbitrary IMAP commands by supplying specially crafted input containing CRLF sequences as arguments. This may allo...

5.9CVSS6.2AI score0.00131EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:36 p.m.15 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the handling of raw data arguments in IMAP commands such as criteria, searchkeys and attr. An attacker can execute arbitrary IMAP commands by injecting CRLF sequences into user-controlled input, which are...

8.3CVSS6.2AI score0.00491EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 12:0 a.m.8 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via Query By Example QBE StringMatcher handling. An attacker can perform boolean-based blind data inference by supplying wildcard characters in externally controlled input used to populate a QBE probe. When...

6.3CVSS5.9AI score0.00227EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/05 3:55 p.m.7 views

Security Bulletin: A vulnerability in the Axios package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the Axios package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not...

9.9CVSS7.6AI score0.01161EPSS
Exploits1Affected Software1
Rows per page
Query Builder