Lucene search
K

4 matches found

Snyk
Snyk
added 2026/01/15 8:14 p.m.6 views

Incorrect Default Permissions

Overview pepr is a Kubernetes application engine Affected versions of this package are vulnerable to Incorrect Default Permissions due to the default configuration of rbacMode being set to "admin" in the RBAC setup process. An attacker can gain broader privileges than necessary by deploying a...

6.3CVSS5.6AI score0.00227EPSS
Exploits0References2
Snyk
Snyk
added 2025/05/06 4:45 p.m.2 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass through the dispatchReadPump function. An attacker can execute arbitrary commands by sending specially crafted websocket requests. PoC echo -e '"type": "command", "content": "id"' |./websocat...

9.4CVSS7.6AI score0.00605EPSS
Exploits0References3
Snyk
Snyk
added 2022/11/04 9:27 a.m.2 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound which allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. Remediation Upgrade sha3 to version 1.0.5 or higher. Reference...

9.8CVSS7.9AI score0.05193EPSS
Exploits1References2
Snyk
Snyk
added 2021/09/13 10:54 a.m.5 views

Server-side Request Forgery (SSRF)

Overview ssrf-agent is a prevent SSRF in https request Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the defaultIpChecker function. It fails to properly validate if the IP requested is private. PoC by Sayooj B Kumar // run a service on your localhost con...

7.5CVSS6.8AI score0.01564EPSS
Exploits1References2
Rows per page
Query Builder