Lucene search

32824 matches found

Cleartext Transmission of Sensitive Information
Snyk | added 2026/04/21 8:00 p.m. | 6 views

Overview: Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the Kerberos credentialing. An attacker can intercept sensitive information by capturing unencrypted credentials during transmission. Remediation: A fix was pushed into the master branch...

CVSS 6 | AI score 7.2 | EPSS 0.0028 | Exploits 0 | References 2
Out-of-bounds Read
Snyk | added 2026/04/21 8:00 p.m. | 4 views

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the Zip file reading. An attacker can cause a denial of service by providing a specially crafted zip file that triggers an out-of-bounds read. Remediation: A fix was pushed into the master branch but not yet...

CVSS 8.7 | AI score 7.2 | EPSS 0.00269 | Exploits 0 | References 2
Directory Traversal
Snyk | added 2026/04/21 7:17 p.m. | 5 views

Overview: Affected versions of this package are vulnerable to Directory Traversal via the Webroot HTTP-01 challenge provider. An attacker can write arbitrary files to the filesystem by supplying crafted challenge tokens containing directory traversal sequences. Details: A Directory Traversal attack...

CVSS 8.8 | AI score 6.5 | EPSS 0.0034 | Exploits 0 | References 2
Directory Traversal
Snyk | added 2026/04/21 7:17 p.m. | 6 views

Overview: Affected versions of this package are vulnerable to Directory Traversal via the Webroot HTTP-01 challenge provider. An attacker can write arbitrary files to the filesystem by supplying crafted challenge tokens containing directory traversal sequences. Details: A Directory Traversal attack...

CVSS 8.8 | AI score 6.5 | EPSS 0.0034 | Exploits 0 | References 2
Time-of-check Time-of-use (TOCTOU) Race Condition
Snyk | added 2026/04/21 7:17 p.m. | 3 views

Overview: org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition in the JdbcOneTimeTokenService component. An attacker can gain...

CVSS 6.3 | AI score 5.5 | EPSS 0.00124 | Exploits 0 | References 2
Incorrect Authorization
Snyk | added 2026/04/21 7:11 p.m. | 4 views

Overview: github.com/oauth2-proxy/oauth2-proxy/v7 is a reverse proxy that provides authentication with Google, GitHub or other providers. Affected versions of this package are vulnerable to Incorrect Authorization in the email domain validation. An attacker can gain unauthorized access by submitti...

CVSS 7.6 | AI score 5.5 | EPSS 0.00209 | Exploits 0 | References 2
Incorrect Authorization
Snyk | added 2026/04/21 7:11 p.m. | 5 views

Overview: github.com/oauth2-proxy/oauth2-proxy is a reverse proxy that provides authentication with Google, GitHub or other providers. Affected versions of this package are vulnerable to Incorrect Authorization in the email domain validation. An attacker can gain unauthorized access by submitting ...

CVSS 7.6 | AI score 5.5 | EPSS 0.00209 | Exploits 0 | References 2
Memory Allocation with Excessive Size Value
Snyk | added 2026/04/21 6:59 p.m. | 6 views

Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the source.view path in font/sfnt. An attacker can force the parser to allocate a large read buffer by supplying a corrupt or malicious font file that advertises data beyond the file's...

CVSS 6.1 | AI score 5.9 | EPSS 0.00112 | Exploits 0 | References 3
Memory Allocation with Excessive Size Value
Snyk | added 2026/04/21 6:59 p.m. | 17 views

Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the source.view path in font/sfnt. An attacker can force the parser to allocate a large read buffer by supplying a corrupt or malicious font file that advertises data beyond the file's...

CVSS 6.1 | AI score 5.9 | EPSS 0.00112 | Exploits 0 | References 3
Memory Allocation with Excessive Size Value
Snyk | added 2026/04/21 6:59 p.m. | 10 views

Overview: golang.org/x/image/webp implements a decoder for WEBP images. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value. An attacker can cause a crash by supplying a WEBP image with an invalid, very large declared size, triggering a...

CVSS 8.2 | AI score 5.5 | EPSS 0.0034 | Exploits 0 | References 3
UNIX Symbolic Link (Symlink) Following
Snyk | added 2026/04/21 6:51 p.m. | 4 views

Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink)...

CVSS 10 | AI score 6.4 | EPSS 0.00518 | Exploits 0 | References 3
Incorrect Authorization
Snyk | added 2026/04/21 6:31 p.m. | 4 views

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the asset and blueprint file operations in the CMS and Tailor editor extensions. An attacker can gain unauthorized access to perform file operations such as create, delete, rename, move, or upload on theme...

CVSS 3.3 | AI score 5.8 | EPSS 0.00144 | Exploits 0 | References 2
Cross-site Scripting (XSS)
Snyk | added 2026/04/21 6:31 p.m. | 4 views

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the DataTable widget when a query parameter is rendered without proper output escaping. An attacker can execute arbitrary scripts in the context of the user's browser by tricking a user into visiting a craft...

CVSS 3.1 | AI score 5.8 | EPSS 0.00144 | Exploits 0 | References 2
Incorrect Authorization
Snyk | added 2026/04/21 6:31 p.m. | 3 views

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the handling of CSS preprocessor files. An attacker can access arbitrary files from the server by leveraging the import functionality in .less, .sass, or .scss files, even when cms.safemode is enabled. This is...

CVSS 6.9 | AI score 5.9 | EPSS 0.00246 | Exploits 0 | References 2
Incomplete List of Disallowed Inputs
Snyk | added 2026/04/21 6:31 p.m. | 6 views

Overview: Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the Twig sandbox security policy, which permits database write operations even when safe mode is enabled. An attacker with Developer permissions can modify, insert, or delete data in any database...

CVSS 7.5 | AI score 5.8 | EPSS 0.00229 | Exploits 0 | References 2
Out-of-bounds Write
Snyk | added 2026/04/21 5:29 p.m. | 5 views

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write through asyncio.AbstractEventLoop.sock_recvfrom_into in the Windows ProactorEventLoop datagram receive path. An attacker can trigger a ValueError-free out-of-bounds receive by supplying an nbytes value larger than the...

CVSS 8.8 | AI score 5.9 | EPSS 0.00374 | Exploits 0 | References 2
Cross-site Scripting (XSS)
Snyk | added 2026/04/21 5:29 p.m. | 4 views

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the /index.php/Speciaal:GefacetteerdZoeken parameter. An attacker can execute arbitrary JavaScript in a victim's browser by crafting a malicious URL and tricking the user into visiting it, potentially leadin...

CVSS 6.1 | AI score 5.4 | EPSS 0.00285 | Exploits 0 | References 2
Regular Expression Denial of Service (ReDoS)
Snyk | added 2026/04/21 5:17 p.m. | 10 views

Overview: signalk-server is an implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the contextMatcher and pathMatcher functions. An attacker can cause the server to become unresponsive and exhaust CPU...

CVSS 8.7 | AI score 5.8 | EPSS 0.00427 | Exploits 1 | References 2
Server-side Request Forgery (SSRF)
Snyk | added 2026/04/21 4:26 p.m. | 3 views

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the serverURL parameter when it is set to an attacker-controlled endpoint. An attacker can obtain sensitive API tokens by crafting a resource that omits the Git API token parameter, causing the...

CVSS 7.7 | AI score 5.8 | EPSS 0.0026 | Exploits 0 | References 2
Permissive Regular Expression
Snyk | added 2026/04/21 4:05 p.m. | 4 views

Overview: Affected versions of this package are vulnerable to Permissive Regular Expression in the VerificationPolicy module when matching refSource.URI in Tekton. An attacker can alter verification modes or keys and potentially compromise the integrity of CI/CD pipelines by supplying resources source...

CVSS 7.1 | AI score 5.4 | EPSS 0.00264 | Exploits 1 | References 2
SQL Injection
Snyk | added 2026/04/21 3:18 p.m. | 7 views

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to SQL Injection via unsanitized configuration values in the Cassandra export module. An attacker can redirect monitoring data to an unauthorized Cassandra keyspace and exfiltrate...

CVSS 8.3 | AI score 5.8 | EPSS 0.00212 | Exploits 1 | References 2
Server-side Request Forgery (SSRF)
Snyk | added 2026/04/21 3:17 p.m. | 5 views

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the public_api configuration parameter of the IP plugin. An attacker can cause the application to send unauthorized HTTP requests to arbitrar...

CVSS 8.8 | AI score 5.5 | EPSS 0.00396 | Exploits 1 | References 2
Access Control Bypass
Snyk | added 2026/04/21 3:16 p.m. | 9 views

Overview: @gitlawb/openclaude (OpenClaude) opens coding-agent workflows to any LLM: OpenAI, Gemini, DeepSeek, Ollama, and 200+ models. Affected versions of this package are vulnerable to Access Control Bypass via the bashToolHasPermission function. An attacker can access or modify files outsid...

CVSS 8.4 | AI score 5.8 | EPSS 0.00232 | Exploits 2 | References 3
Permissive Cross-domain Policy with Untrusted Domains
Snyk | added 2026/04/21 3:14 p.m. | 4 views

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the REST API when a permissive CORS policy is configured, allowing unauthenticated cross-origin requests to access...

CVSS 8.7 | AI score 5.4 | EPSS 0.00408 | Exploits 1 | References 3
Server-side Request Forgery (SSRF)
Snyk | added 2026/04/21 3:04 p.m. | 5 views

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the load_image and encode_image_base64 functions in LMDeploy's vision-language module, which fetch URLs without validating whether the destination is an internal or private address. An attacker can acce...

CVSS 8.7 | AI score 6 | EPSS 0.4525 | Exploits 2 | References 2
Remote Code Execution (RCE)
Snyk | added 2026/04/21 2:53 p.m. | 10 views

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) via ExpectedArtifactExpressionEvaluationPostProcessor, which may accept and process SpEL expressions that reference and load arbitrary classes. An attacker can execute code by supplying malicious strings as inp...

CVSS 9.9 | AI score 6.1 | EPSS 0.00553 | Exploits 0 | References 2
Remote Code Execution (RCE)
Snyk | added 2026/04/21 2:48 p.m. | 7 views

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) via insufficient sanitization of user inputs to reference, path, and branch parameters when handling git resources in GitJobExecutor. An attacker can inject commands, exposing credentials, removing files, or...

CVSS 9.9 | AI score 5.9 | EPSS 0.00606 | Exploits 0 | References 2
Malicious Package
Snyk | added 2026/04/21 12:05 p.m. | 5 views

Overview: com.tencent.puerts.agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 5.7 | Exploits 0 | References 2
Malicious Package
Snyk | added 2026/04/21 11:31 a.m. | 5 views

Overview: internalinsightsenabled is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

CVSS 9.8 | AI score 5.7 | Exploits 0 | References 2
Cleartext Storage of Sensitive Information
Snyk | added 2026/04/21 11:15 a.m. | 6 views

Overview: typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the SetupModuleController module merging entity data with user-interface settings before storing them in the database. An...

CVSS 8.3 | AI score 5.7 | EPSS 0.00167 | Exploits 0 | References 2
Cleartext Storage of Sensitive Information
Snyk | added 2026/04/21 11:15 a.m. | 5 views

Overview: Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the SetupModuleController module merging entity data with user-interface settings before storing them in the database. An attacker can obtain sensitive user credentials by accessing the uc and...

CVSS 8.3 | AI score 5.7 | EPSS 0.00167 | Exploits 0 | References 2
Integer Overflow or Wraparound
Snyk | added 2026/04/21 3:13 a.m. | 5 views

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the setupChannelData function in internal_dwa_compressor.h due to improper handling of arithmetic operations on image dimensions. An attacker can cause unexpected behavior or potentially execute arbitrary...

CVSS 8.4 | AI score 6 | EPSS 0.00427 | Exploits 0 | References 2
Integer Overflow or Wraparound
Snyk | added 2026/04/21 3:12 a.m. | 6 views

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the htundoimpl function due to accumulation of a bytes-per-line value (bpl) using a 32-bit signed integer without overflow protection. An attacker can cause a heap out-of-bounds write by supplying a craft...

CVSS 6.9 | AI score 5.5 | EPSS 0.00302 | Exploits 1 | References 2
Integer Overflow or Wraparound
Snyk | added 2026/04/21 3:10 a.m. | 3 views

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the DwaCompressoruncompress function due to improper integer arithmetic in pointer calculations. An attacker can cause memory corruption or potentially execute arbitrary code by supplying crafted EXR...

CVSS 8.4 | AI score 6.2 | EPSS 0.0045 | Exploits 0 | References 2
SQL Injection
Snyk | added 2026/04/21 2:08 a.m. | 3 views

Overview: Affected versions of this package are vulnerable to SQL Injection due to improper quoting of schema names in the PostgreSQL database secrets engine during the role revocation process. An attacker can execute arbitrary SQL commands as the management user by supplying crafted schema names...

CVSS 5.8 | AI score 6.2 | EPSS 0.00235 | Exploits 0 | References 2
Uncontrolled Recursion
Snyk | added 2026/04/21 2:08 a.m. | 4 views

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion via the ExtractPluginFromImage function. An attacker can cause disk exhaustion by supplying a crafted container image containing a decompression bomb, which decompresses to an arbitrarily large file during plugin...

CVSS 6.5 | AI score 5.4 | EPSS 0.00218 | Exploits 1 | References 2
Uncontrolled Recursion
Snyk | added 2026/04/21 2:08 a.m. | 3 views

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion via the ExtractPluginFromImage function. An attacker can cause disk exhaustion by supplying a crafted container image containing a decompression bomb, which decompresses to an arbitrarily large file during plugin...

CVSS 6.5 | AI score 5.4 | EPSS 0.00218 | Exploits 1 | References 2
Directory Traversal
Snyk | added 2026/04/21 2:08 a.m. | 4 views

Overview: Affected versions of this package are vulnerable to Directory Traversal in the HTMLExporter.embed_images function. An attacker can access sensitive files on the conversion host by crafting malicious notebooks containing image references that perform path traversal, resulting in the files...

CVSS 6.9 | AI score 6.4 | EPSS 0.00306 | Exploits 0 | References 2
Improper Certificate Validation
Snyk | added 2026/04/21 2:08 a.m. | 3 views

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in the certificate authentication process when disable_binding=true is set. An attacker can extend the lifetime of dynamic leases held by the original token by renewing tokens using a sibling certificate a...

CVSS 3.1 | AI score 5.5 | EPSS 0.00101 | Exploits 0 | References 2
Directory Traversal
Snyk | added 2026/04/21 2:07 a.m. | 3 views

Overview: Affected versions of this package are vulnerable to Directory Traversal via the ExtractAttachmentsPreprocessor function. An attacker can write arbitrary files to locations outside the intended output directory by crafting cell attachment filenames containing path traversal sequences...

CVSS 6.9 | AI score 6.4 | EPSS 0.00266 | Exploits 0 | References 2
Improper Restriction of Security Token Assignment
Snyk | added 2026/04/21 2:07 a.m. | 5 views

Overview: Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment via the token store process. An attacker can cause unauthorized renewal or revocation of tokens across namespaces by obtaining token accessors and leveraging privileged administrator...

CVSS 2.7 | AI score 5.4 | EPSS 0.00301 | Exploits 0 | References 2
Malicious Package
Snyk | added 2026/04/21 1:17 a.m. | 5 views

Overview: apple-cloudkit-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

CVSS 9.8 | AI score 5.7 | Exploits 0 | References 2

Malicious Package
Snyk | added 2026/04/21 1:17 a.m. | 7 views

Overview: ac-sasskit-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7 | Exploits 0 | References 2

Malicious Package
Snyk | added 2026/04/21 1:17 a.m. | 5 views

Overview: cktool.core.internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7 | Exploits 0 | References 2

Malicious Package
Snyk | added 2026/04/21 1:17 a.m. | 3 views

Overview: apple-idms-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7 | Exploits 0 | References 2

Malicious Package
Snyk | added 2026/04/21 1:17 a.m. | 4 views

Overview: cktool.config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7 | Exploits 0 | References 2

Malicious Package
Snyk | added 2026/04/21 1:17 a.m. | 10 views

Overview: cktool.api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 | AI score 5.7 | Exploits 0 | References 2

Malicious Package
Snyk | added 2026/04/21 1:17 a.m. | 6 views

Overview: apple-auth-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7 | Exploits 0 | References 2

Malicious Package
Snyk | added 2026/04/21 1:17 a.m. | 4 views

Overview: apple-internal-security-poc-frank is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

CVSS 9.8 | AI score 5.7 | Exploits 0 | References 2

Malicious Package
Snyk | added 2026/04/21 1:17 a.m. | 7 views

Overview: cktool.internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7 | Exploits 0 | References 2
Total number of security vulnerabilities: 32824