Lucene search
K

35669 matches found

Snyk
Snyk
added 6 days ago4 views

Missing Authentication for Critical Function

Overview github.com/dgraph-io/dgraph/edgraph is a Dgraph is a horizontally scalable and distributed GraphQL database with a graph backend. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Directory Traversal

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Directory Traversal via the ScopedFs process. An attacker can create files outside of the intended user scope by exploiting dangling symlinks during file creation when...

6.3CVSS6.5AI score0.00269EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the ScopedFs process. An attacker can create files outside of the intended user scope by exploiting dangling symlinks during file creation when possessing Create and Modify permissions. Details A Directory...

6.3CVSS6.5AI score0.00269EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the ScopedFs process. An attacker can create files outside of the intended user scope by exploiting dangling symlinks during file creation when possessing Create and Modify permissions. Details A Directory...

6.3CVSS6.5AI score0.00269EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the ScopedFs process. An attacker can create files outside of the intended user scope by exploiting dangling symlinks during file creation when possessing Create and Modify permissions. Details A Directory...

6.3CVSS6.5AI score0.00269EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the handling of the X-Amz-Copy-Source header in the S3 API gateway. An attacker can access objects from unauthorized buckets by submitting specially crafted requests containing dot-dot path segments. Details A...

7.7CVSS6.5AI score0.00327EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the S3Tables / Iceberg REST management API due to improper authorization handling of SigV4-signed requests. An attacker can access administrator-owned table bucket names and ARNs by sending authenticated...

5.3CVSS6.1AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the S3Tables / Iceberg REST management API due to improper authorization handling of SigV4-signed requests. An attacker can access administrator-owned table bucket names and ARNs by sending authenticated...

5.3CVSS6.1AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the S3Tables / Iceberg REST management API due to improper authorization handling of SigV4-signed requests. An attacker can access administrator-owned table bucket names and ARNs by sending authenticated...

5.3CVSS6.1AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

Incorrect Authorization

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Incorrect Authorization in the evaluation test runs controller, where three state-changing endpoints authorize actions against the workflow:read permission instead of the action-appropriate...

5.4CVSS6.1AI score0.00176EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

User Impersonation

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to User Impersonation in the ZendeskTrigger node, which does not validate the HMAC-SHA256 signature on incoming webhook requests from Zendesk. An attacker can trigger workflows with forged payloads by...

6.3CVSS6.2AI score0.00186EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Incorrect Authorization

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Incorrect Authorization in the Public API execution retry endpoint, which authorizes the request against the workflow:read permission instead of workflow:execute. A user with only workflow:read acce...

6.4CVSS6.3AI score0.00174EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago7 views

Files or Directories Accessible to External Parties

Overview repomix is an A tool to pack repository contents to single file for AI consumption Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the remote repository URL validation in src/core/git/gitRemoteParse.ts and the public website pac...

8.7CVSS6.2AI score0.00386EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Incorrect Authorization

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Incorrect Authorization in workflow creation folder assignment, which does not verify that the requested target folder belongs to a project the requester is allowed to access. A user with workflow...

5.3CVSS6.1AI score0.00166EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Cross-site Scripting (XSS)

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the resize process of Markdown image handling. An attacker can inject arbitrary CSS into the styleAttributes of an...

4.8CVSS6.1AI score0.00217EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Malicious Package

Overview ams-ssk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago2 views

Malicious Package

Overview common-tg-service is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago2 views

Malicious Package

Overview promo-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Malicious Package

Overview @vite-ln/build-ts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Missing Authorization

Overview ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Missing Authorization in the sendraw process. An attacker can gain unauthorized control over hardware or cause a system outage by sending arbitrary IPMI commands to the BMC. This is only...

8.2CVSS6.2AI score0.00516EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Insufficient Granularity of Access Control

Overview ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the process of reparenting Volume Connectors and Volume Targets to nodes in a different project, crossing project authorization boundaries. An...

8.7CVSS6AI score0.00426EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago1 views

Command Injection

Overview check-peer-dependencies is a Checks peer dependencies of the current package. Offers solutions for any that are unmet. Affected versions of this package are vulnerable to Command Injection in the shelljs.exec function of the peerDependencies component in packageUtils.js. An attacker can...

6.5CVSS6.8AI score0.01067EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the parsing process of a tar archive containing a PAX extended header with a malformed SUN.holesdata sparse-file attribute. An attacker can cause a heap overflow and out-of-bounds read by supplying a...

3.9CVSS6.3AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Malicious Package

Overview mci-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Malicious Package

Overview na-rony-test-karem is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Malicious Package

Overview na-rony-test is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Malicious Package

Overview rony-testing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Malicious Package

Overview karem-dp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Malicious Package

Overview na-rony is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

Malicious Package

Overview nam-os-a-man is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Malicious Package

Overview vite-json-pwa is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Malicious Package

Overview gas-log is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago8 views

Improper Following of Specification by Caller

Overview Affected versions of this package are vulnerable to Improper Following of Specification by Caller due to the GSSAPIStrictAcceptorCheck process when the server operates in a Windows Active Directory environment. An attacker can bypass intended authentication checks by exploiting this...

6.5CVSS6.1AI score0.00179EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper enforcement of the minimum authentication delay in the sshd process. An attacker can increase the rate of authentication attempts by exploiting this timing issue...

6.9CVSS6.1AI score0.00265EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal in the sftp process when the command sftp server:/path . is executed with a server under attacker control. An attacker can write files outside the intended directory by manipulating file paths sent from the serve...

5.4CVSS6.1AI score0.00241EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source due to improper validation of the interaction between DisableForwarding and PermitTunnel settings. An attacker can enable unauthorized tunneling by exploiting a misconfiguration where DisableForwarding does no...

8.2CVSS6.1AI score0.0014EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago9 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the scp process. An attacker can cause files to be placed outside the intended directory by crafting a copy operation between two remote destinations. Remediation A fix was pushed into the master branch but n...

5.4CVSS6.1AI score0.00241EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper handling of the MaxAuthTries parameter during the authentication process. An attacker can exhaust server resources by repeatedly attempting authentication using GSSAPI...

7.5CVSS6.1AI score0.00407EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input due to improper handling of command-line arguments in the internal-sftp process. An attacker can bypass intended security restrictions by supplying more than nine arguments, causing...

5.4CVSS6.1AI score0.00177EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the ssh process when a server changes its host key during a key re-exchange. An attacker can potentially execute arbitrary code or cause a denial of service by triggering a use-after-free condition on the client side...

9.4CVSS6.4AI score0.00263EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

Malicious Package

Overview nodemon-node is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

Malicious Package

Overview ts-await is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the TTGetVarDesign process. An attacker can cause the application to access memory outside the intended buffer by providing crafted input to the affected process. Remediation A fix was pushed into the master branch...

8.8CVSS6.2AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the gorch service when unproxied orchestrator and detector metrics ports are exposed on the cluster network. An attacker can gain unauthorized access to sensitive metrics by directly...

7CVSS6.1AI score0.00184EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via exposed HTTP endpoints in the cluster network. An attacker can gain unauthorized access to sensitive data and potentially manipulate AI models by sending requests from any co-located pod without authentication...

7CVSS6.1AI score0.0017EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the gorch service when unproxied orchestrator and detector metrics ports are exposed on the cluster network. An attacker can gain unauthorized access to sensitive metrics by directly...

7CVSS6.1AI score0.00184EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via exposed HTTP endpoints in the cluster network. An attacker can gain unauthorized access to sensitive data and potentially manipulate AI models by sending requests from any co-located pod without authentication...

7CVSS6.1AI score0.0017EPSS
Exploits0References2
Total number of security vulnerabilities35669