Lucene search
+L

7 matches found

Snyk
Snyk
added 2026/04/08 9:51 p.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the runPlaygroundServer process in cmd/run/run.go and the playground configuration in pkg/server/config/config.go. An attacker can recover the preshared API key by sending an unauthenticated request to the...

7.5CVSS5.8AI score0.00286EPSS
Exploits0References2
OSV
OSV
added 2026/04/08 9:51 p.m.15 views

GHSA-68M9-983M-F3V5 OpenFGA: Unauthenticated playground endpoint discloses preshared API key in HTML response

Description When OpenFGA is configured to use preshared-key authentication with the built-in playground enabled, the local server includes the preshared API key in the HTML response of the /playground endpoint. The /playground endpoint is enabled by default and does not require authentication. It...

6.5CVSS5.8AI score0.00286EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/30 5:29 p.m.4 views

Server-side Request Forgery (SSRF)

Overview crewai-tools is a Set of tools for the crewAI framework Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the RAG search tools not properly validating user-supplied URLs at runtime. An attacker can access internal or cloud resources by supplying...

9.8CVSS6AI score0.00467EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/08 4:41 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of resource-limiting controls in the gRPC, HTTPS, and HTTP3 server implementations. An attacker can exhaust memory and cause the server to degrade or crash by opening...

8.7CVSS6.8AI score0.00412EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-51733

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00515EPSS
Exploits1References2
Snyk
Snyk
added 2025/04/15 9:19 p.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...

7.1CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2025/04/15 9:19 p.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...

7.1CVSS6.9AI score
Exploits0References2
Rows per page
Query Builder