32601 matches found

Source: Snyk | Added 2026/04/22 5:06 p.m. | 9 views

Server-side Request Forgery (SSRF)

Overview: bagisto/bagisto is a hand-tailored e-commerce framework built on open-source technologies such as Laravel (a PHP framework) and Vue.js (a progressive JavaScript framework). Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the copy function of the...

CVSS 6.5 | AI score 6.6 | EPSS 0.00201
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 5:06 p.m. | 8 views

Cross-site Scripting (XSS)

Overview: bagisto/bagisto is a hand-tailored e-commerce framework built on open-source technologies such as Laravel (a PHP framework) and Vue.js (a progressive JavaScript framework). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Custom Scripts interface. An...

CVSS 5.4 | AI score 5.5 | EPSS 0.00191
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 3:31 p.m. | 6 views

Inclusion of Functionality from Untrusted Control Sphere

Overview: instructlab is the core package for interacting with InstructLab. Affected versions of this package are vulnerable to Inclusion of Functionality from Untrusted Control Sphere via the default trust_remote_code=True used when loading models from Hugging Face in the linux_train.py file. An attacker can execut...

CVSS 8.8 | AI score 6.1 | EPSS 0.00417
Exploits: 0 | References: 2

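The entry above is the insecure-default pattern: a loader that passes trust_remote_code=True to a model hub client runs whatever Python the model repository ships. The scanner below is an added example written for this listing, not instructlab's code; it walks a source tree's AST and flags the three shapes a reviewer wants to catch (a parameter defaulting to True, a call passing literal True, and a call passing a variable it cannot prove False). The sample training script it scans is constructed here and is not the project's file.

```python
"""Scan Python source for trust_remote_code=True before a model loader ships.

Added example for this listing; not instructlab's code. SAMPLE_SOURCE is a
constructed stand-in for a training script.
"""
import ast
from pathlib import Path
from typing import List, Tuple

SAMPLE_SOURCE = '''
from transformers import AutoModelForCausalLM, AutoTokenizer

def load(model_id, trust_remote_code=True):
    tok = AutoTokenizer.from_pretrained(model_id, trust_remote_code=trust_remote_code)
    model = AutoModelForCausalLM.from_pretrained(model_id, trust_remote_code=True)
    safe = AutoTokenizer.from_pretrained(model_id, trust_remote_code=False)
    return tok, model, safe
'''

Finding = Tuple[int, str]  # (line number, what was found)


def _is_literal(node: ast.AST, value: bool) -> bool:
    return isinstance(node, ast.Constant) and node.value is value


class RemoteCodeFinder(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def _check_defaults(self, node: ast.FunctionDef) -> None:
        # Positional defaults align with the *last* positional parameters;
        # keyword-only defaults align one-to-one (None means "no default").
        positional = zip(reversed(node.args.args), reversed(node.args.defaults))
        keyword_only = zip(node.args.kwonlyargs, node.args.kw_defaults)
        for arg, default in list(positional) + list(keyword_only):
            if arg.arg == "trust_remote_code" and default is not None \
                    and _is_literal(default, True):
                self.findings.append((node.lineno, "default trust_remote_code=True"))

    def visit_FunctionDef(self, node: ast.FunctionDef) -> None:
        self._check_defaults(node)
        self.generic_visit(node)

    visit_AsyncFunctionDef = visit_FunctionDef

    def visit_Call(self, node: ast.Call) -> None:
        for kw in node.keywords:
            if kw.arg != "trust_remote_code":
                continue
            if _is_literal(kw.value, True):
                self.findings.append((node.lineno, "literal trust_remote_code=True"))
            elif not _is_literal(kw.value, False):
                # Not provably False: typically a parameter that may default to True.
                self.findings.append((node.lineno, "trust_remote_code from variable"))
        self.generic_visit(node)


def scan_source(source: str) -> List[Finding]:
    finder = RemoteCodeFinder()
    finder.visit(ast.parse(source))
    return sorted(finder.findings)


def scan_tree(root: str) -> List[Tuple[str, Finding]]:
    """Walk every .py file under root; unreadable or unparsable files are skipped."""
    out: List[Tuple[str, Finding]] = []
    for file in Path(root).rglob("*.py"):
        try:
            findings = scan_source(file.read_text(encoding="utf-8"))
        except (OSError, UnicodeDecodeError, SyntaxError):
            continue
        out.extend((str(file), f) for f in findings)
    return out


if __name__ == "__main__":
    for lineno, what in scan_source(SAMPLE_SOURCE):
        print(f"line {lineno}: {what}")
```

Run it over a checkout with scan_tree(".") as a pre-merge gate; the "from variable" class is the one that hides a True default behind a parameter, which is exactly how a default in a function signature reaches the hub client unchanged.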
Source: Snyk | Added 2026/04/22 3:03 p.m. | 4 views

Malicious Package

Overview: @stlm/common-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 2:56 p.m. | 5 views

CRLF Injection

Overview: Affected versions of this package are vulnerable to CRLF Injection via the settingsToParameters process. An attacker can execute arbitrary code and alter the configuration of child processes by injecting newline characters into PHP INI values that are forwarded to child processes. This...

CVSS 8.5 | AI score 6.3 | EPSS 0.00191
Exploits: 0 | References: 3

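The mechanism in the entry above is line-oriented injection: a parent process serialises INI overrides one directive per line, and a value that carries a newline smuggles a second directive into the child's configuration. The model below is an added example for this listing, written in Python for illustration rather than PHP; it is not the affected package's code. The serialiser and the child-side parser are hypothetical, the directive names are the familiar PHP ones, and the attacker input is constructed.

```python
"""Newline injection into INI-style settings handed to a child process.

Added illustration for this listing; not code from the advisory's package.
serialise_overrides()/parse_directives() model a parent that writes
'key=value' lines and a child that reads them back.
"""
import re
from typing import Dict, List, Tuple

# Anything a line-oriented reader can take as a record separator (CR, LF and
# the rest of the C0 range) must be rejected outright, not escaped.
_FORBIDDEN = re.compile(r"[\x00-\x1f\x7f]")


def serialise_overrides(settings: Dict[str, str]) -> str:
    """Vulnerable: trusts values verbatim, one 'key=value' per line."""
    return "".join(f"{k}={v}\n" for k, v in settings.items())


def parse_directives(block: str) -> List[Tuple[str, str]]:
    """Model of a naive line-oriented INI reader in the child process."""
    out: List[Tuple[str, str]] = []
    for line in block.splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            out.append((key.strip(), value.strip()))
    return out


def validate_setting(key: str, value: str) -> None:
    """Hardened check: refuse keys or values that could start a new directive."""
    if not re.fullmatch(r"[A-Za-z0-9_.]+", key):
        raise ValueError(f"invalid ini key: {key!r}")
    if _FORBIDDEN.search(value):
        raise ValueError(f"control character in ini value for {key!r}")


def serialise_overrides_safe(settings: Dict[str, str]) -> str:
    for k, v in settings.items():
        validate_setting(k, v)
    return serialise_overrides(settings)


# Constructed attacker input: one override that contains a newline, so the
# child sees two directives, the second of which it was never meant to honour.
ATTACKER_SETTINGS = {
    "display_errors": "1\nauto_prepend_file=/tmp/payload.php",
}


def demo_injection() -> List[Tuple[str, str]]:
    """What the child parses when the parent does not validate."""
    return parse_directives(serialise_overrides(ATTACKER_SETTINGS))


def demo_hardened() -> str:
    """The same input against the validating serialiser."""
    try:
        serialise_overrides_safe(ATTACKER_SETTINGS)
    except ValueError as exc:
        return str(exc)
    return "accepted"


if __name__ == "__main__":
    print(demo_injection())  # two directives from one "setting"
    print(demo_hardened())   # rejected before it reaches the child
```

The check belongs at the boundary where the value is accepted, not at serialisation time only: any value that later ends up in a command line, a temp file or an environment block needs the same control-character rule.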
Source: Snyk | Added 2026/04/22 2:52 p.m. | 9 views

Insecure Default Initialization of Resource

Overview: engramx is the context spine for AI coding agents: 9 built-in providers + mcpConfig plugin contract wrap any MCP server in 10 lines, generic MCP-client aggregator stdio, pre-mortem mistake-guard, bi-temporal mistake memory, Anthropic Auto-Memory bridge, SSE stre... Affected versions of th...

CVSS 8.6 | AI score 5.8
Exploits: 0 | References: 5

Source: Snyk | Added 2026/04/22 2:49 p.m. | 3 views

Malicious Package

Overview: sparkling-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 2:49 p.m. | 5 views

Malicious Package

Overview: color-studio is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 2:38 p.m. | 8 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass via the updateUserRealmRoles function. An attacker can escalate privileges by invoking the API with a valid token from one realm to modify user roles in another realm, potentially granting administrative access to...

CVSS 8.3 | AI score 5.8 | EPSS 0.00285
Exploits: 1 | References: 2

Source: Snyk | Added 2026/04/22 2:35 p.m. | 7 views

Directory Traversal

Overview: poetry is a tool that makes Python dependency management and packaging easy. Affected versions of this package are vulnerable to Directory Traversal via the extractall function in src/poetry/utils/helpers.py, which extracts sdist tarballs without path traversal protection on Python versions where...

CVSS 8.7 | AI score 6.4 | EPSS 0.00294
Exploits: 0 | References: 2

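The traversal in the entry above is the classic tarfile.extractall problem: a member named with "../" components is written wherever the name points. The block below is an added example for this listing, not poetry's code. It builds a constructed sdist-like tarball in memory, shows that an unfiltered extract writes a file outside the target directory, and gives a safe_extract() that verifies each member's resolved destination before anything is written. The only stdlib feature it probes for is tarfile.data_filter, present on Python 3.12+ and on the security backports to older 3.x releases.

```python
"""Path traversal through tarfile.extractall, and the check that stops it.

Added example for this listing; not poetry's code. The archive is
constructed here and contains nothing real.
"""
import io
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, List


def build_malicious_sdist() -> bytes:
    """Constructed sample: one benign file, then one that escapes via '../'.

    The benign member comes first so the 'pkg-1.0' directory already exists
    when the escaping member is processed, as it would in a real sdist.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, payload in (
            ("pkg-1.0/setup.py", b"# benign\n"),
            ("pkg-1.0/../../escaped.txt", b"written outside the sandbox\n"),
        ):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def unsafe_extract(archive: bytes, dest: Path) -> None:
    """The vulnerable pattern: extract every member exactly as named."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        if hasattr(tarfile, "data_filter"):
            # Interpreters with extraction filters may refuse traversal by
            # default; opt out explicitly to reproduce the historical behaviour.
            tar.extractall(dest, filter="fully_trusted")
        else:
            tar.extractall(dest)


def safe_extract(archive: bytes, dest: Path) -> List[str]:
    """Refuse any member whose resolved path leaves dest, before writing."""
    dest = dest.resolve()
    names: List[str] = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for member in tar.getmembers():
            target = (dest / member.name).resolve()
            if target != dest and dest not in target.parents:
                raise ValueError(f"blocked traversal: {member.name!r}")
            if member.issym() or member.islnk():
                # A link can alias a path outside dest even when its name is clean.
                raise ValueError(f"blocked link member: {member.name!r}")
            names.append(member.name)
        if hasattr(tarfile, "data_filter"):
            tar.extractall(dest, filter="data")  # second line of defence
        else:
            tar.extractall(dest)
    return names


def demo() -> Dict[str, bool]:
    """Run both extractors into fresh temp dirs and report what happened."""
    root = Path(tempfile.mkdtemp(prefix="sdist-demo-"))
    archive = build_malicious_sdist()

    unsafe_dest = root / "unsafe" / "site"
    unsafe_dest.mkdir(parents=True)
    unsafe_extract(archive, unsafe_dest)

    safe_dest = root / "safe" / "site"
    safe_dest.mkdir(parents=True)
    try:
        safe_extract(archive, safe_dest)
        blocked = False
    except ValueError:
        blocked = True

    return {
        # 'pkg-1.0/../../escaped.txt' under .../unsafe/site lands in .../unsafe
        "unsafe_escaped": (root / "unsafe" / "escaped.txt").is_file(),
        "safe_blocked": blocked,
        "safe_escaped": (root / "safe" / "escaped.txt").exists(),
        "safe_wrote_anything": any(safe_dest.iterdir()),
    }


if __name__ == "__main__":
    print(demo())
```

The manual check is what protects interpreters that predate the filters; on newer ones the "data" filter also rejects absolute names, device nodes and links pointing outside the destination, which is why safe_extract() keeps both.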
Source: Snyk | Added 2026/04/22 2:31 p.m. | 5 views

Incorrect Authorization

Overview: @saltcorn/data provides the data models for Saltcorn, an open-source no-code platform. Affected versions of this package are vulnerable to Incorrect Authorization through the role context evaluation process. An attacker can gain unauthorized administrative privileges on the root domain by manipulati...

CVSS 8.7 | AI score 5.5
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 2:31 p.m. | 5 views

Incorrect Authorization

Overview: @saltcorn/server is the server app for Saltcorn, an open-source no-code platform. Affected versions of this package are vulnerable to Incorrect Authorization through the role context evaluation process. An attacker can gain unauthorized administrative privileges on the root domain by...

CVSS 8.7 | AI score 5.5
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 2:28 p.m. | 4 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication in the handleAuthUserPassVerify process when deployed in experimental plugin mode. An attacker can gain unauthorized VPN access by connecting with a client that does not advertise WebAuth/SSO support, thereby...

CVSS 10 | AI score 5.8 | EPSS 0.00438
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 12:29 p.m. | 6 views

Embedded Malicious Code

Overview: xinference is a powerful and versatile library designed to serve language, speech recognition, and multimodal models. With Xorbits Inference, you can effortlessly deploy and serve your own or state-of-the-art built-in models using just a single command. Whether you are a researcher, develope...

CVSS 9.8 | AI score 5.5
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 12:26 p.m. | 1 view

Insufficient Verification of Data Authenticity

Overview: org.springframework.security:spring-security-oauth2-jose provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the withIssuerLocation component. An attacker can bypass intended...

CVSS 6.5 | AI score 5.5 | EPSS 0.00203
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 12:26 p.m. | 7 views

Access Control Bypass

Overview: org.springframework.security:spring-security-config is the security configuration package for the Spring Framework. Affected versions of this package are vulnerable to Access Control Bypass in the securityMatchers component when a PathPatternRequestMatcher.Builder bean is used to prepend a...

CVSS 8.7 | AI score 5.5 | EPSS 0.00248
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 12:25 p.m. | 3 views

Information Exposure

Overview: org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Information Exposure in the DaoAuthenticationProvider component. An attacker can determine the status of user...

CVSS 6.3 | AI score 5.5 | EPSS 0.00215
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 12:24 p.m. | 3 views

Access Control Bypass

Overview: org.springframework.security:spring-security-config is the security configuration package for the Spring Framework. Affected versions of this package are vulnerable to Access Control Bypass in the XML authorization rules processing when the servlet-path attribute is used. An attacker can gain...

CVSS 8.7 | AI score 5.4 | EPSS 0.00266
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 12:24 p.m. | 3 views

User Impersonation

Overview: org.springframework.security:spring-security-web is a package within Spring Security that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to User Impersonation in the SubjectX500PrincipalExtractor component. An attacker can gain...

CVSS 8.6 | AI score 5.5 | EPSS 0.00296
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:54 a.m. | 3 views

Malicious Package

Overview: trackora-node is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:54 a.m. | 3 views

Malicious Package

Overview: trackora-chain is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:53 a.m. | 7 views

Malicious Package

Overview: crypto-keccak-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:49 a.m. | 6 views

Malicious Package

Overview: ts-utils-dev is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:49 a.m. | 5 views

Malicious Package

Overview: gleb-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:34 a.m. | 7 views

Malicious Package

Overview: js-logger-pack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:32 a.m. | 5 views

Malicious Package

Overview: claudcode-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:32 a.m. | 6 views

Malicious Package

Overview: claudcode-mcp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:29 a.m. | 5 views

Malicious Package

Overview: @usealloy/typegen is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:29 a.m. | 6 views

Malicious Package

Overview: aventypes is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:29 a.m. | 4 views

Malicious Package

Overview: @usealloy/api-contract is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:29 a.m. | 3 views

Malicious Package

Overview: @usealloy/component-library is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:29 a.m. | 6 views

Malicious Package

Overview: @bitunix/test is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:27 a.m. | 4 views

Malicious Package

Overview: chai-as-encrypted is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:06 a.m. | 5 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...

CVSS 5 | AI score 5.4 | EPSS 0.00145
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:06 a.m. | 3 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...

CVSS 5 | AI score 5.4 | EPSS 0.00145
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:06 a.m. | 6 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...

CVSS 5 | AI score 5.4 | EPSS 0.00145
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:06 a.m. | 5 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...

CVSS 5 | AI score 5.4 | EPSS 0.00145
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 1:06 a.m. | 4 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...

CVSS 5 | AI score 5.4 | EPSS 0.00145
Exploits: 0 | References: 2

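The five "Incorrect Authorization" entries above describe one bug class: a policy engine memoises decisions, and the memo key is built in a way that lets two different (subject, action, resource) requests share a key, so the second principal inherits the first one's cached verdict. The block below is an added example for this listing, not code from any of the affected packages. Its policy, principals and resource paths are constructed; the collision it shows is reachable because account names and request paths are attacker-influenced strings.

```python
"""Authorization cache keyed by joined strings: the collision and the fix.

Added example for this listing; not the affected packages' code. policy()
is a constructed toy policy used only for the demonstration.
"""
from typing import Callable, Dict, Tuple

Policy = Callable[[str, str, str], bool]


def policy(subject: str, action: str, resource: str) -> bool:
    """Constructed policy: only 'alice' may read things under '/docs/'."""
    return subject == "alice" and action == "read" and resource.startswith("/docs/")


class NaiveCachedEnforcer:
    """Vulnerable: key = subject + resource + action.

    ('alice', 'read', '/docs/x') and ('alice/docs', 'read', '/x') both
    produce 'alice/docs/xread', so an account registered as 'alice/docs'
    that asks for '/x' after alice has been served receives alice's allow.
    """

    def __init__(self, p: Policy) -> None:
        self._policy = p
        self._cache: Dict[str, bool] = {}

    def enforce(self, subject: str, action: str, resource: str) -> bool:
        key = subject + resource + action
        if key not in self._cache:
            self._cache[key] = self._policy(subject, action, resource)
        return self._cache[key]


def cache_key(*fields: str) -> str:
    """Collision-free string key for caches that need one (e.g. an external
    store): each field is length-prefixed, so no field boundary is ambiguous."""
    return "|".join(f"{len(f)}:{f}" for f in fields)


class CachedEnforcer:
    """Hardened: the key is the tuple of fields; cache_key() gives the same
    guarantee when the store only accepts strings."""

    def __init__(self, p: Policy) -> None:
        self._policy = p
        self._cache: Dict[Tuple[str, str, str], bool] = {}

    def enforce(self, subject: str, action: str, resource: str) -> bool:
        key = (subject, action, resource)
        if key not in self._cache:
            self._cache[key] = self._policy(subject, action, resource)
        return self._cache[key]


def demo() -> Dict[str, bool]:
    naive, fixed = NaiveCachedEnforcer(policy), CachedEnforcer(policy)
    naive.enforce("alice", "read", "/docs/x")  # legitimate request, now cached
    fixed.enforce("alice", "read", "/docs/x")
    return {
        "policy_says": policy("alice/docs", "read", "/x"),        # False
        "naive_says": naive.enforce("alice/docs", "read", "/x"),  # True: collision
        "fixed_says": fixed.enforce("alice/docs", "read", "/x"),  # False
        "keys_differ": cache_key("alice", "read", "/docs/x")
        != cache_key("alice/docs", "read", "/x"),
    }


if __name__ == "__main__":
    print(demo())
```

A separator character does not fix the naive version on its own: if any field may contain the separator, the same ambiguity returns. Length-prefixing (or hashing a canonical encoding such as JSON with sorted keys) is what makes the boundary unambiguous.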
Source: Snyk | Added 2026/04/22 12:08 a.m. | 5 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

CVSS 9.1 | AI score 5.4 | EPSS 0.00477
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 12:08 a.m. | 4 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

CVSS 9.1 | AI score 5.4 | EPSS 0.00477
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 12:08 a.m. | 3 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

CVSS 9.1 | AI score 5.4 | EPSS 0.00477
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 12:08 a.m. | 4 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

CVSS 9.1 | AI score 5.4 | EPSS 0.00477
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 12:08 a.m. | 5 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

CVSS 9.1 | AI score 5.4 | EPSS 0.00477
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 12:08 a.m. | 3 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

CVSS 9.1 | AI score 5.4 | EPSS 0.00477
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 12:08 a.m. | 4 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

CVSS 9.1 | AI score 5.4 | EPSS 0.00477
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 12:08 a.m. | 5 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

CVSS 9.1 | AI score 5.4 | EPSS 0.00477
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 12:08 a.m. | 3 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

CVSS 9.1 | AI score 5.4 | EPSS 0.00477
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 12:08 a.m. | 5 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

CVSS 9.1 | AI score 5.4 | EPSS 0.00477
Exploits: 0 | References: 2

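The ten "User Impersonation" entries above share one mechanism: an authenticating proxy exempts some routes from login, and in reverse-proxy mode it takes the "original" request URI from X-Forwarded-Uri. If the skip list is matched against that header while the request is forwarded upstream on its real path, any client can set the header itself and reach a protected route unauthenticated. The block below is an added model for this listing, not the proxy's own code. The skip-auth routes, the trusted-proxy address and the sample requests are constructed; the hardened variant only honours the header from a trusted hop and then requires the real path to pass as well, failing closed when the two disagree.

```python
"""Skip-auth matching against a spoofable X-Forwarded-Uri header.

Added model for this listing; not the affected proxy's code. Route list,
trusted-proxy address and requests are all constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Dict

# Constructed skip-auth configuration: health checks and static assets.
SKIP_AUTH_ROUTES = [re.compile(r"^/healthz$"), re.compile(r"^/static/")]
# Assumption: the only upstream hop allowed to set forwarded headers.
TRUSTED_PROXIES = {"10.0.0.5"}


@dataclass
class Request:
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    client_ip: str = "203.0.113.10"  # constructed: an arbitrary internet client


def _on_skip_list(uri: str) -> bool:
    path = uri.split("?", 1)[0]  # the route patterns apply to the path only
    return any(r.search(path) for r in SKIP_AUTH_ROUTES)


def skip_auth_vulnerable(req: Request, reverse_proxy: bool) -> bool:
    """Once reverse-proxy mode is on, whatever the client puts in
    X-Forwarded-Uri decides whether authentication is skipped."""
    uri = req.path
    if reverse_proxy and "X-Forwarded-Uri" in req.headers:
        uri = req.headers["X-Forwarded-Uri"]
    return _on_skip_list(uri)


def skip_auth_hardened(req: Request, reverse_proxy: bool) -> bool:
    """Only a trusted hop's forwarded URI is considered at all, and the
    decision must also hold for the real path: fail closed on disagreement."""
    fwd = req.headers.get("X-Forwarded-Uri")
    if fwd is not None and not (reverse_proxy and req.client_ip in TRUSTED_PROXIES):
        fwd = None  # header from an untrusted sender is ignored entirely
    views = [req.path] + ([fwd] if fwd else [])
    return all(_on_skip_list(v) for v in views)


def demo() -> Dict[str, bool]:
    attacker = Request("/admin/users", {"X-Forwarded-Uri": "/healthz"})
    honest = Request("/healthz")
    via_proxy = Request("/static/app.js", {"X-Forwarded-Uri": "/static/app.js"}, "10.0.0.5")
    return {
        "vulnerable_skips_admin": skip_auth_vulnerable(attacker, True),          # True
        "hardened_skips_admin": skip_auth_hardened(attacker, True),              # False
        "healthz_still_open": skip_auth_hardened(honest, True),                  # True
        "trusted_proxy_still_open": skip_auth_hardened(via_proxy, True),         # True
        "no_reverse_proxy_ignores_header": skip_auth_vulnerable(attacker, False),  # False
    }


if __name__ == "__main__":
    print(demo())
```

The rule that generalises is that an authorisation decision must be made on the same bytes the proxy will actually forward. That is also the lens for the "number sign" entries that follow: a path containing # or %23 can be matched one way by the skip-list parser and routed another way upstream.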
Source: Snyk | Added 2026/04/22 12:08 a.m. | 4 views

Authentication Bypass Using an Alternate Path or Channel

Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the processing of request paths containing a number sign (#) or its encoded form %23 when using the skip_auth_routes or skip_auth_regex settings. An attacker can gain unauthorized access t...

CVSS 8.3 | AI score 5.4 | EPSS 0.00275
Exploits: 0 | References: 2

Source: Snyk | Added 2026/04/22 12:08 a.m. | 5 views

Authentication Bypass Using an Alternate Path or Channel

Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the processing of request paths containing a number sign (#) or its encoded form %23 when using the skip_auth_routes or skip_auth_regex settings. An attacker can gain unauthorized access t...

CVSS 8.3 | AI score 5.4 | EPSS 0.00275
Exploits: 0 | References: 2

Total number of security vulnerabilities: 32601