Lucene search
K

14 matches found

Snyk
Snyk
added 2026/06/15 8:16 p.m.11 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' when dispatching HTTP requests to endpoint attributes via getattr. An attacker can invoke internal...

6.3CVSS5.5AI score0.00213EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/29 7:0 p.m.3 views

CVE-2026-7400 geekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversal

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function ispathallowed of the file server.py of the component readfiletool/writefiletool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has be...

7.5CVSS7AI score0.0043EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/28 6:45 a.m.9 views

CVE-2026-7237 AgiFlow scaffold-mcp write-to-file Tool index.ts path traversal

A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument filepath results in path traversal. The attack may be...

7.5CVSS7AI score0.00448EPSS
Exploits0References7
Snyk
Snyk
added 2026/02/04 12:7 a.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ExpandApk function. An attacker can cause excessive resource consumption by providing a specially crafted, highly-compressed .apk stream that decompresses into a large tar...

7.5CVSS5.6AI score0.00366EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/04 12:7 a.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ExpandApk function. An attacker can cause excessive resource consumption by providing a specially crafted, highly-compressed .apk stream that decompresses into a large tar...

7.5CVSS5.6AI score0.00366EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 11:58 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 11:58 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 11:58 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 11:57 p.m.4 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the dirFS filesystem abstraction. An attacker can perform unauthorized filesystem writes outside the intended base directory by supplying a crafted APK package containing malicious directory or symlink entrie...

7.5CVSS5.5AI score0.00369EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/13 10:40 a.m.7 views

Trust Boundary Violation

Overview utcp is an Universal Tool Calling Protocol UTCP client library for Python Affected versions of this package are vulnerable to Trust Boundary Violation. Via the remote Manual Endpoint, the client retrieves a tool’s JSON specification, known as a Manual. An attacker can execute arbitrary...

7.7CVSS7.6AI score0.00223EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/17 3:47 p.m.16 views

CVE-2025-7339 on-headers vulnerable to http response header manipulation

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

3.4CVSS6.3AI score0.00174EPSS
Exploits0References5
Snyk
Snyk
added 2025/05/15 2:5 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the EndBlocker process. An attacker can cause the system to halt by triggering an integer overflow during the cumulative reward ratio calculation. Remediation Upgrade...

8.2CVSS7.2AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/02/14 6:28 a.m.3 views

SUSE CVE-2023-31038

SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0released 2003-08-06 Note that Log4cxx is a C++ framework, so only C++ applications a...

8.8CVSS8.8AI score0.01597EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/06/03 12:0 a.m.9 views

PT-2020-19335 · Elastic · Cloud On Kubernetes

Name of the Vulnerable Software and Affected Versions: Elastic Cloud on Kubernetes ECK versions prior to 1.1.0 Description: The issue concerns a weak random number generator used to generate passwords in Elastic Cloud on Kubernetes ECK. This weakness can be exploited if an attacker determines whe...

7.5CVSS7.4AI score0.01439EPSS
Exploits0References7
Rows per page
Query Builder