Lucene search
K

35575 matches found

Snyk
Snyk
added 2 days ago1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteWithPathPrefix process. An attacker can expose unintended contents by deleting a shared directory using a trailing-slash path and then recreating the directory, which causes the dormant public share...

3.1CVSS6.1AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
added 2 days ago1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteWithPathPrefix process. An attacker can expose unintended contents by deleting a shared directory using a trailing-slash path and then recreating the directory, which causes the dormant public share...

3.1CVSS6.1AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Embedded Malicious Code

Overview jscrambler is a Jscrambler Code Integrity API client. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform infostealer. A malicious actor compromised an npm publishing credential associated with Jscrambler, which allowed the attacker ...

9.8CVSS6.2AI score
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Directory Traversal

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

6.8CVSS6.5AI score0.00147EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Server-side Request Forgery (SSRF)

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Crawl4AI backend process. An attacker can access internal network resources and sensitive informati...

8.5CVSS6.1AI score0.00221EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Information Exposure

Overview praisonai is a PraisonAI TypeScript AI Agents Framework - Node.js, npm, and Javascript AI Agents Framework Affected versions of this package are vulnerable to Information Exposure due to insecure default configuration that binds to all interfaces without requiring an API key and allows...

8.8CVSS6.1AI score0.00322EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Insecure Default Initialization of Resource

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.7CVSS6.1AI score0.0026EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

User Impersonation

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

7.3CVSS6.2AI score0.00246EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through AcquireMatrixInfo in MagickCore/matrix.c. An attacker can cause matrix-backed operations, such as -canny, to allocate more memory than the configured limit by supplying input...

6.5CVSS6.1AI score0.00105EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago4 views

Arbitrary Code Injection

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Arbitrary Code Injection via the CodeAgent.executepython function. An attacker can execute arbitrary code and exfiltrate environment secrets...

10CVSS6.4AI score0.00544EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago4 views

Directory Traversal

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.9CVSS6.6AI score0.00538EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Missing Authorization

Overview praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects Affected versions of this package are vulnerable to Missing Authorization in the PATCH routes for projects, issues, and agents, where insufficient authorization checks allow a workspace member to...

7.1CVSS6.1AI score0.00256EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Missing Authorization

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

7.1CVSS6.1AI score0.00256EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free via the FormatMagickCaption function in MagickCore/annotate.c. An attacker can trigger a dangling-pointer dereference by supplying caption text that drives the memory-allocation failure path during caption formatting. Whe...

7.5CVSS6.1AI score0.00277EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Unchecked Return Value

Overview Affected versions of this package are vulnerable to Unchecked Return Value through XMP profile parsing in MagickCore/xml-tree.c's ParseEntities routine. An attacker can trigger a crash by supplying a crafted XMP profile that drives the parser down the affected code path and dereferences...

7.5CVSS6.1AI score0.00226EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack through the CopyDelegateFile path in the VIDEO/APNG delegate code. An attacker can write output to a disallowed path by supplying a delegate-driven image write that copies a generated file to a destination the policy shou...

5.3CVSS6.2AI score0.00133EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Arbitrary File Upload

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Arbitrary File Upload in the file upload process when a malformed Content-Type header is supplied and the file extension is...

4.4CVSS6.3AI score0.00245EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime through the WriteVIFFImage encoder in coders/viff.c. An attacker can consume memory by causing the VIFF encoder to hit an allocation failure while processing an image with a color map...

7.5CVSS6.1AI score0.00104EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Cross-site Scripting (XSS)

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper input neutralization during web page generation. An attacker can execute arbitrary script...

6.1CVSS6.2AI score0.0015EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Server-side Request Forgery (SSRF)

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request process. An attacker can make arbitrary requests to internal or external syste...

8.8CVSS6.2AI score0.00133EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the process of modifying dynamically-determin...

8.8CVSS6.3AI score0.00161EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Open Redirect

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Open Redirect via the URL redirection process. An attacker can redirect users to malicious sites or poison cache by crafting...

5.9CVSS6.1AI score0.00133EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the deserialization process. An attacker can...

10CVSS6.3AI score0.00161EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago4 views

Malicious Package

Overview auth-next-gen is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 3 days ago4 views

Malicious Package

Overview authvaultx is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago3 views

Incorrect Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization via the printInventory process. An attacker can access inventory and cost/order metadata from modules that should be restricted by leveraging...

5.3CVSS6.1AI score0.00252EPSS
Exploits1References2
Snyk
Snyk
added 4 days ago2 views

Open Redirect

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Open Redirect via the redirect-intended process. An attacker can redirect users to arbitrary external websites by manipulating the Referer header during the user edit flow...

6.1CVSS6.2AI score0.00232EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Cross-site Scripting (XSS)

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the UploadFileRequest process, which fails to properly sanitize SVG content unless PHP finfo reports image/svg+xml, and the...

8.7CVSS6.2AI score0.00351EPSS
Exploits1References2
Snyk
Snyk
added 4 days ago2 views

Cross-site Scripting (XSS)

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the headercolor setting in the branding configuration. An attacker with superadmin privileges can inject arbitrary CSS that impacts authenticate...

8.1CVSS6.1AI score0.00389EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Incorrect Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization in the Importer API endpoint when a user with CSV import capabilities and a valid API key can overwrite the createdby value of an import file. An...

6.9CVSS6.1AI score0.00195EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago0 views

XML Injection

Overview @logto/connector-saml is a SAML standard connector implementation. Affected versions of this package are vulnerable to XML Injection via the SAML assertion process. An attacker can inject arbitrary XML markup into signed SAML assertions by supplying crafted profile attributes, potentiall...

8.5CVSS6.2AI score0.00298EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Authorization Bypass Through User-Controlled Key

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the unaccepted-assets report delete endpoint. An attacker can remove pending checkout acceptance records belonging to...

5.3CVSS6.1AI score0.00248EPSS
Exploits1References2
Snyk
Snyk
added 4 days ago2 views

Directory Traversal

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Directory Traversal via the image field during CSV import. An attacker can delete arbitrary files accessible to the server process by supplying a crafted path traversal stri...

7CVSS6.5AI score0.00378EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

CSV Injection

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to CSV Injection through the postActivityReport process. An attacker can cause arbitrary formula execution in spreadsheet software by injecting a specially crafted User-Agent...

7.3CVSS6.3AI score0.00269EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Incorrect Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization due to improper authorization in the legacy license checkin process. An attacker can reclaim license seats assigned to other users or assets by...

5.3CVSS6.1AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago1 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the MapMessage.asJson method, which emits the bare NaN, Infinity, or -Infinity tokens instead of an RFC 8259-compliant representation. An attacker can emit malformed JSON that corrupts the...

6.3CVSS6.1AI score0.0078EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the ReverseProxy.Rewrite process when the internal authentication token is forwarded to backend services via the x-tsdproxy-auth-token header. An attacker can gain unauthorized management API access and escala...

9.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Malicious Package

Overview type-elint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Missing Authentication for Critical Function

Overview clauster is a Self-hosted web UI for spawning and managing Claude Code remote-control bridges on a remote host. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the authentication process. An attacker can gain unauthorized access to the...

8.8CVSS6.2AI score
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview prestashop/psfacetedsearch is a PrestaShop module that adds layered navigation filters. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the getFromCache function. An attacker can...

9.8CVSS6.4AI score0.00092EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Malicious Package

Overview type-plint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago3 views

Malicious Package

Overview type-atob is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the auto-linking process by email, as the external identity provider does not verify ownership of the email address before linking accounts. An attacker can gain unauthorized access to a victim's local account...

6.3CVSS6.1AI score0.00189EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Missing Authorization

Overview github.com/zitadel/zitadel/internal/api/oidc is a package for identity infrastructure Affected versions of this package are vulnerable to Missing Authorization in the OAuth2 Token Exchange process. An attacker can gain elevated permissions by exchanging a low-privilege token for higher...

8.6CVSS6.1AI score0.00231EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the session process. An attacker can bypass token expiration enforcement by providing a JWT without the exp claim, resulting in tokens from trusted issuers being accepted indefinitely. Remediation...

4.2CVSS6.1AI score0.00167EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Improper Authentication

Overview prowler is a Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI,...

9.6CVSS6.1AI score0.00296EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Incorrect Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization in the BulkUsersController::destroy process. An attacker can gain unauthorized ability to soft-delete other non-admin users by sending a direct POST...

7.1CVSS6.1AI score0.00285EPSS
Exploits1References2
Snyk
Snyk
added 4 days ago2 views

Missing Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Missing Authorization via the cancelbyadmin parameter in the asset request cancellation process. An attacker can cancel pending asset requests for other users by supplying a...

5.3CVSS6.1AI score0.002EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Cross-site Scripting (XSS)

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the markdown-textarea custom field processing. An attacker can execute arbitrary JavaScript in the context of another user by embedding a crafte...

5.4CVSS6.2AI score0.00173EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Incorrect Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization in the API location creation process when both Full Multiple Companies Support and scopelocationsfmcs are enabled. An attacker can create a child...

5.4CVSS6.1AI score0.00197EPSS
Exploits0References2
Total number of security vulnerabilities35575