Lucene search

32601 matches found

Snyk • added 2026/04/21 3:14 p.m. • 4 views

Permissive Cross-domain Policy with Untrusted Domains

Overview Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the REST API when a permissive CORS policy is configured, allowing unauthenticated cross-origin requests to access...

CVSS 8.7 • AI score 5.4 • EPSS 0.00408
Exploits: 1 • References: 3

Snyk • added 2026/04/21 3:4 p.m. • 5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the loadimage and encodeimagebase64 functions in LMDeploy's vision-language module, which fetch URLs without validating whether the destination is an internal or private address. An attacker can acce...

CVSS 8.7 • AI score 6 • EPSS 0.4525
Exploits: 2 • References: 2

Snyk • added 2026/04/21 2:53 p.m. • 10 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via ExpectedArtifactExpressionEvaluationPostProcessor, which may accept and process SpEL expressions that reference and load arbitrary classes. An attacker can execute code by supplying malicious strings as inp...

CVSS 9.9 • AI score 6.1 • EPSS 0.00553
Exploits: 0 • References: 2

Snyk • added 2026/04/21 2:48 p.m. • 7 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via insufficient sanitization of user inputs to reference, path, and branch parameters when handling git resources in GitJobExecutor. An attacker can inject commands, exposing credentials, removing files, or...

CVSS 9.9 • AI score 5.9 • EPSS 0.00606
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:5 p.m. • 5 views

Malicious Package

Overview com.tencent.puerts.agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2

Snyk • added 2026/04/21 11:31 a.m. • 5 views

Malicious Package

Overview internalinsightsenabled is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2

Snyk • added 2026/04/21 11:15 a.m. • 6 views

Cleartext Storage of Sensitive Information

Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the SetupModuleController module merging entity data with user-interface settings before storing them in DB. An...

CVSS 8.3 • AI score 5.7 • EPSS 0.00167
Exploits: 0 • References: 2

Snyk • added 2026/04/21 11:15 a.m. • 5 views

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the SetupModuleController module merging entity data with user-interface settings before storing them in DB. An attacker can obtain sensitive user credentials by accessing the uc and...

CVSS 8.3 • AI score 5.7 • EPSS 0.00167
Exploits: 0 • References: 2

Snyk • added 2026/04/21 3:13 a.m. • 5 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the setupChannelData function in internaldwacompressor.h due to improper handling of arithmetic operations on image dimensions. An attacker can cause unexpected behavior or potentially execute arbitrary...

CVSS 8.4 • AI score 6 • EPSS 0.00427
Exploits: 0 • References: 2

Snyk • added 2026/04/21 3:12 a.m. • 6 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the htundoimpl function due to accumulation of a bytes-per-line value bpl using a 32-bit signed integer without overflow protection. An attacker can cause a heap out-of-bounds write by supplying a craft...

CVSS 6.9 • AI score 5.5 • EPSS 0.00302
Exploits: 1 • References: 2

Snyk • added 2026/04/21 3:10 a.m. • 3 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the DwaCompressoruncompress function due to improper integer arithmetic in pointer calculations. An attacker can cause memory corruption or potentially execute arbitrary code by supplying crafted EXR...

CVSS 8.4 • AI score 6.2 • EPSS 0.0045
Exploits: 0 • References: 2

Snyk • added 2026/04/21 2:8 a.m. • 3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to improper quoting of schema names in the PostgreSQL database secrets engine during the role revocation process. An attacker can execute arbitrary SQL commands as the management user by supplying crafted schema names...

CVSS 5.8 • AI score 6.2 • EPSS 0.00235
Exploits: 0 • References: 2

Snyk • added 2026/04/21 2:8 a.m. • 4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the ExtractPluginFromImage function. An attacker can cause disk exhaustion by supplying a crafted container image containing a decompression bomb, which decompresses to an arbitrarily large file during plugin...

CVSS 6.5 • AI score 5.4 • EPSS 0.00218
Exploits: 1 • References: 2

Snyk • added 2026/04/21 2:8 a.m. • 3 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the ExtractPluginFromImage function. An attacker can cause disk exhaustion by supplying a crafted container image containing a decompression bomb, which decompresses to an arbitrarily large file during plugin...

CVSS 6.5 • AI score 5.4 • EPSS 0.00218
Exploits: 1 • References: 2

Snyk • added 2026/04/21 2:8 a.m. • 4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the HTMLExporter.embedimages function. An attacker can access sensitive files on the conversion host by crafting malicious notebooks containing image references that perform path traversal, resulting in the files...

CVSS 6.9 • AI score 6.4 • EPSS 0.00306
Exploits: 0 • References: 2

Snyk • added 2026/04/21 2:8 a.m. • 4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the certificate authentication process when disablebinding=true is set. An attacker can extend the lifetime of dynamic leases held by the original token by renewing tokens using a sibling certificate a...

CVSS 3.1 • AI score 5.5 • EPSS 0.00101
Exploits: 0 • References: 2

Snyk • added 2026/04/21 2:7 a.m. • 3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the ExtractAttachmentsPreprocessor function. An attacker can write arbitrary files to locations outside the intended output directory by crafting cell attachment filenames containing path traversal sequences...

CVSS 6.9 • AI score 6.4 • EPSS 0.00266
Exploits: 0 • References: 2

Snyk • added 2026/04/21 2:7 a.m. • 5 views

Improper Restriction of Security Token Assignment

Overview Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment via the token store process. An attacker can cause unauthorized renewal or revocation of tokens across namespaces by obtaining token accessors and leveraging privileged administrator...

CVSS 2.7 • AI score 5.4 • EPSS 0.00301
Exploits: 0 • References: 2

Snyk • added 2026/04/21 1:17 a.m. • 5 views

Malicious Package

Overview apple-cloudkit-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2

Snyk • added 2026/04/21 1:17 a.m. • 7 views

Malicious Package

Overview ac-sasskit-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2

Snyk • added 2026/04/21 1:17 a.m. • 5 views

Malicious Package

Overview cktool.core.internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2

Snyk • added 2026/04/21 1:17 a.m. • 3 views

Malicious Package

Overview apple-idms-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2

Snyk • added 2026/04/21 1:17 a.m. • 4 views

Malicious Package

Overview cktool.config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2

Snyk • added 2026/04/21 1:17 a.m. • 10 views

Malicious Package

Overview cktool.api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2

Snyk • added 2026/04/21 1:17 a.m. • 6 views

Malicious Package

Overview apple-auth-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2

Snyk • added 2026/04/21 1:17 a.m. • 4 views

Malicious Package

Overview apple-internal-security-poc-frank is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2

Snyk • added 2026/04/21 1:17 a.m. • 7 views

Malicious Package

Overview cktool.internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:11 a.m. • 5 views

Cleartext Transmission of Sensitive Information

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via the ws:// gateway endpoint. An attacker can intercept sensitive information by redirecting clients to malicious endpoints or forging...

CVSS 5.9 • AI score 5.7 • EPSS 0.00118
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:11 a.m. • 6 views

Improper Verification of Cryptographic Signature

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the Nostr DM ingress path. An attacker can cause unauthorized pairing challenges to be issued and consume shared pairing capacity by...

CVSS 6.9 • AI score 5.7 • EPSS 0.00253
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation Upgrade libmysqlclient to...

CVSS 7.1 • AI score 7.8 • EPSS 0.00303
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 7 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation of certain client metadata fields when explicitly enabled. An attacker possessing a valid Initial Access Token can dynamically register a malicious client with crafted metadata. Depending on the metadata provid...

CVSS 9.6 • AI score 5.4
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Group Replication Plugin. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network. Remediation Upgrade libmysqlclient to...

CVSS 7.1 • AI score 7.8 • EPSS 0.00303
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Optimizer component. An attacker can cause the application to hang or crash by sending specially crafted requests over the network while authenticated with high privileges...

CVSS 6.9 • AI score 7.7 • EPSS 0.00323
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the JSON component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation Upgrade libmysqlclient to versi...

CVSS 7.1 • AI score 7.8 • EPSS 0.00303
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the InnoDB component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network with high privileges. Remediation Upgrade...

CVSS 6.9 • AI score 7.7 • EPSS 0.00323
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the InnoDB component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation Upgrade libmysqlclient to...

CVSS 6.9 • AI score 7.8 • EPSS 0.00242
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 5 views

Missing Release of Resource after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime in the Group Replication Plugin. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network. Remediation Upgrade libmysqlclient to versi...

CVSS 7.1 • AI score 7.8 • EPSS 0.00303
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 4 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Information Schema component. An attacker can gain unauthorized access to sensitive data by sending crafted requests over the network. Remediation Upgrade libmysqlclient to versi...

CVSS 5.3 • AI score 7.8 • EPSS 0.00243
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network. Remediation Upgrade libmysqlclient to version...

CVSS 6.9 • AI score 5.5 • EPSS 0.00323
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the InnoDB component. An attacker can cause the server to hang or repeatedly crash by sending crafted requests over the network with high privileges. Remediation Upgrade...

CVSS 6.9 • AI score 7.7 • EPSS 0.00323
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation Upgrade libmysqlclient to...

CVSS 7.1 • AI score 7.8 • EPSS 0.00303
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the InnoDB component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network with high privileges. Remediation Upgrade...

CVSS 6.9 • AI score 7.7 • EPSS 0.00242
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 6 views

Insertion of Sensitive Information into Externally-Accessible File or Directory

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the Information Schema component. An attacker can gain unauthorized access to sensitive data by sending crafted requests over the network with high...

CVSS 5.1 • AI score 7.7 • EPSS 0.00259
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. This is only exploitable if the...

CVSS 6.9 • AI score 7.7 • EPSS 0.00323
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network while authenticated with high privileges...

CVSS 6.9 • AI score 7.7 • EPSS 0.00242
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Group Replication Plugin. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network. Remediation Upgrade libmysqlclient to...

CVSS 7.1 • AI score 7.8 • EPSS 0.00303
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the InnoDB component. An attacker can cause the server to hang or repeatedly crash by sending specially crafted requests over the network. This is only exploitable if the attacker...

CVSS 6.9 • AI score 7.7 • EPSS 0.00242
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the DML component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation Upgrade libmysqlclient to versio...

CVSS 6.9 • AI score 7.8 • EPSS 0.00323
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network while authenticated with high privileges...

CVSS 6.9 • AI score 7.7 • EPSS 0.00323
Exploits: 0 • References: 2

Snyk • added 2026/04/21 12:0 a.m. • 8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation Upgrade libmysqlclient to...

CVSS 7.1 • AI score 7.8 • EPSS 0.00303
Exploits: 0 • References: 2

Total number of security vulnerabilities: 32601