Snyk, added 2026/04/21 2:08 a.m.

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the HTMLExporter.embedimages function. An attacker can access sensitive files on the conversion host by crafting malicious notebooks containing image references that perform path traversal, resulting in the files...

CVSS 6.9, AI score 6.4, EPSS 0.00306
Exploits: 0, References: 2
Snyk, added 2026/04/21 2:08 a.m.

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in the certificate authentication process when disablebinding=true is set. An attacker can extend the lifetime of dynamic leases held by the original token by renewing tokens using a sibling certificate a...

CVSS 3.1, AI score 5.5, EPSS 0.00101
Exploits: 0, References: 2
Snyk, added 2026/04/21 2:07 a.m.

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the ExtractAttachmentsPreprocessor function. An attacker can write arbitrary files to locations outside the intended output directory by crafting cell attachment filenames containing path traversal sequences...

CVSS 6.9, AI score 6.4, EPSS 0.00266
Exploits: 0, References: 2
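The two notebook-conversion entries above describe the same root cause from opposite directions: a path read from notebook content (an image reference) and a path written from notebook content (an attachment filename), neither confined to the directory the converter is supposed to work in. The following is an added example, not code from the affected project or from Snyk, of the containment checks a converter needs on both sides. The function names, the sample notebook directory and the hostile inputs are constructed for this example; the page does not name the package, so nothing here is the project's own API.

```python
"""Path-containment checks for paths taken from notebook content.

Added example, not the affected project's code. resolve_inside() guards the
read side (an image reference to embed), safe_attachment_name() guards the
write side (a cell attachment filename to extract).
"""
import tempfile
from pathlib import Path
from typing import Dict, List, Optional


def resolve_inside(base: Path, candidate: str) -> Optional[Path]:
    """Resolve candidate under base and return it only if it stays inside base.

    resolve() collapses '..' and follows symlinks, so the decision is made on
    the final physical location, not on the string the notebook supplied.
    """
    base = base.resolve()
    target = (base / candidate).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        return None
    return target


def safe_attachment_name(name: str) -> Optional[str]:
    """Accept only a bare filename; reject anything carrying a path component.

    Stripping with basename() would silently turn 'a/../b' into 'b' and hide
    that the input was hostile, so hostile names are rejected, not cleaned.
    """
    if not name or name in (".", "..") or "/" in name or "\\" in name or "\x00" in name:
        return None
    return name


def embed_images(notebook_dir: Path, image_refs: List[str]) -> Dict[str, Optional[bytes]]:
    """Read each referenced image only if it resolves inside notebook_dir."""
    out: Dict[str, Optional[bytes]] = {}
    for ref in image_refs:
        p = resolve_inside(notebook_dir, ref)
        out[ref] = p.read_bytes() if p is not None and p.is_file() else None
    return out


def extract_attachments(output_dir: Path, attachments: Dict[str, bytes]) -> List[str]:
    """Write attachments under output_dir; return the names actually written."""
    written = []
    for name, data in attachments.items():
        safe = safe_attachment_name(name)
        if safe is None:
            continue
        target = resolve_inside(output_dir, safe)
        if target is None:
            continue
        target.write_bytes(data)
        written.append(safe)
    return written


def demo() -> dict:
    """Constructed notebook directory with one legitimate and one hostile path on each side."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        nbdir, outdir = root / "nb", root / "out"
        nbdir.mkdir()
        outdir.mkdir()
        (nbdir / "logo.png").write_bytes(b"PNG")
        (root / "secret.txt").write_bytes(b"SECRET")  # outside the notebook dir
        images = embed_images(nbdir, ["logo.png", "../secret.txt"])
        written = extract_attachments(outdir, {"diagram.svg": b"<svg/>", "../escape.txt": b"x"})
        return {
            "logo": images["logo.png"],
            "secret": images["../secret.txt"],
            "written": written,
            "escaped": (root / "escape.txt").exists(),
        }
```

The read-side check compares resolved paths rather than string prefixes, so a symlink inside the notebook directory that points outside it is caught as well; the write-side check is deliberately stricter, because an attachment never legitimately needs a directory component.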
Snyk, added 2026/04/21 2:07 a.m.

Improper Restriction of Security Token Assignment

Overview: Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment via the token store process. An attacker can cause unauthorized renewal or revocation of tokens across namespaces by obtaining token accessors and leveraging privileged administrator...

CVSS 2.7, AI score 5.4, EPSS 0.00301
Exploits: 0, References: 2
Snyk, added 2026/04/21 1:17 a.m.

Malicious Package

Overview: apple-cloudkit-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

CVSS 9.8, AI score 5.7
Exploits: 0, References: 2
Snyk, added 2026/04/21 1:17 a.m.

Malicious Package

Overview: ac-sasskit-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.7
Exploits: 0, References: 2
Snyk, added 2026/04/21 1:17 a.m.

Malicious Package

Overview: cktool.core.internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.7
Exploits: 0, References: 2
Snyk, added 2026/04/21 1:17 a.m.

Malicious Package

Overview: apple-idms-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.7
Exploits: 0, References: 2
Snyk, added 2026/04/21 1:17 a.m.

Malicious Package

Overview: cktool.config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.7
Exploits: 0, References: 2
Snyk, added 2026/04/21 1:17 a.m.

Malicious Package

Overview: cktool.api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8, AI score 5.7
Exploits: 0, References: 2
Snyk, added 2026/04/21 1:17 a.m.

Malicious Package

Overview: apple-auth-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.7
Exploits: 0, References: 2
Snyk, added 2026/04/21 1:17 a.m.

Malicious Package

Overview: apple-internal-security-poc-frank is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

CVSS 9.8, AI score 5.7
Exploits: 0, References: 2
Snyk, added 2026/04/21 1:17 a.m.

Malicious Package

Overview: cktool.internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.7
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:11 a.m.

Cleartext Transmission of Sensitive Information

Overview: openclaw (package description: "🦞 OpenClaw — Personal AI Assistant"). Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via the ws:// gateway endpoint. An attacker can intercept sensitive information by redirecting clients to malicious endpoints or forging...

CVSS 5.9, AI score 5.7, EPSS 0.00118
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:11 a.m.

Improper Verification of Cryptographic Signature

Overview: openclaw (package description: "🦞 OpenClaw — Personal AI Assistant"). Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the Nostr DM ingress path. An attacker can cause unauthorized pairing challenges to be issued and consume shared pairing capacity by...

CVSS 6.9, AI score 5.7, EPSS 0.00253
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation of certain client metadata fields when explicitly enabled. An attacker possessing a valid Initial Access Token can dynamically register a malicious client with crafted metadata. Depending on the metadata provid...

CVSS 9.6, AI score 5.4
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Group Replication Plugin. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network. Remediation: Upgrade libmysqlclient to...

CVSS 7.1, AI score 7.8, EPSS 0.00303
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network while authenticated with high privileges...

CVSS 6.9, AI score 7.7, EPSS 0.00242
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the InnoDB component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network with high privileges. Remediation: Upgrade...

CVSS 6.9, AI score 7.7, EPSS 0.00323
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Optimizer component. An attacker can cause the application to hang or crash by sending specially crafted requests over the network while authenticated with high privileges...

CVSS 6.9, AI score 7.7, EPSS 0.00323
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the JSON component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation: Upgrade libmysqlclient to versi...

CVSS 7.1, AI score 7.8, EPSS 0.00303
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network while authenticated with high privileges...

CVSS 6.9, AI score 7.7, EPSS 0.00323
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network. Remediation: Upgrade libmysqlclient to version...

CVSS 6.9, AI score 5.5, EPSS 0.00323
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. This is only exploitable if the...

CVSS 6.9, AI score 7.7, EPSS 0.00323
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Missing Release of Resource after Effective Lifetime

Overview: Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via the DML component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network with high privileges. Remediation: Upgrade libmysqlclie...

CVSS 6.9, AI score 7.7, EPSS 0.00242
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the InnoDB component. An attacker can cause the server to hang or repeatedly crash by sending specially crafted requests over the network. This is only exploitable if the attacker...

CVSS 6.9, AI score 7.7, EPSS 0.00242
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the InnoDB component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation: Upgrade libmysqlclient to...

CVSS 6.9, AI score 7.8, EPSS 0.00242
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the InnoDB component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network with high privileges. Remediation: Upgrade...

CVSS 6.9, AI score 7.7, EPSS 0.00242
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Insertion of Sensitive Information Into Sent Data

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Information Schema component. An attacker can gain unauthorized access to sensitive data by sending crafted requests over the network. Remediation: Upgrade libmysqlclient to versi...

CVSS 5.3, AI score 7.8, EPSS 0.00243
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Insertion of Sensitive Information into Externally-Accessible File or Directory

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the Information Schema component. An attacker can gain unauthorized access to sensitive data by sending crafted requests over the network with high...

CVSS 5.1, AI score 7.7, EPSS 0.00259
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation: Upgrade libmysqlclient to...

CVSS 7.1, AI score 7.8, EPSS 0.00303
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation: Upgrade libmysqlclient to...

CVSS 7.1, AI score 7.8, EPSS 0.00303
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the InnoDB component. An attacker can cause the server to hang or repeatedly crash by sending crafted requests over the network with high privileges. Remediation: Upgrade...

CVSS 6.9, AI score 7.7, EPSS 0.00323
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the DML component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation: Upgrade libmysqlclient to versio...

CVSS 6.9, AI score 7.8, EPSS 0.00323
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Missing Release of Resource after Effective Lifetime

Overview: Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime in the Group Replication Plugin. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network. Remediation: Upgrade libmysqlclient to versi...

CVSS 7.1, AI score 7.8, EPSS 0.00303
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation: Upgrade libmysqlclient to...

CVSS 7.1, AI score 7.8, EPSS 0.00303
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Group Replication Plugin. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network. Remediation: Upgrade libmysqlclient to...

CVSS 7.1, AI score 7.8, EPSS 0.00303
Exploits: 0, References: 2
Snyk, added 2026/04/20 10:16 p.m.

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass through the authentication process. An attacker can maintain unauthorized access to protected resources and perform actions such as reading, modifying, or creating new accounts by using previously issued bearer...

CVSS 8.6, AI score 5.3, EPSS 0.00274
Exploits: 1, References: 2
Snyk, added 2026/04/20 10:16 p.m.

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass through the authentication process. An attacker can maintain unauthorized access to protected resources and perform actions such as reading, modifying, or creating new accounts by using previously issued bearer...

CVSS 8.6, AI score 5.3, EPSS 0.00274
Exploits: 1, References: 2
Snyk, added 2026/04/20 10:15 p.m.

Missing Origin Validation in WebSockets

Overview: Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via missing origin validation in all WebSocket endpoints. An attacker can gain unauthorized access to authenticated WebSocket sessions by tricking a logged-in administrator into visiting a malicio...

CVSS 8.1, AI score 5.4, EPSS 0.00176
Exploits: 1, References: 2
Snyk, added 2026/04/20 10:15 p.m.

Missing Origin Validation in WebSockets

Overview: Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via missing origin validation in all WebSocket endpoints. An attacker can gain unauthorized access to authenticated WebSocket sessions by tricking a logged-in administrator into visiting a malicio...

CVSS 8.1, AI score 5.4, EPSS 0.00176
Exploits: 1, References: 2
Snyk, added 2026/04/20 10:15 p.m.

Missing Origin Validation in WebSockets

Overview: Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via missing origin validation in all WebSocket endpoints. An attacker can gain unauthorized access to authenticated WebSocket sessions by tricking a logged-in administrator into visiting a malicio...

CVSS 8.1, AI score 5.4, EPSS 0.00176
Exploits: 1, References: 2
Snyk, added 2026/04/20 10:00 p.m.

Command Injection

Overview: litellm (package description: "Library to easily interface with LLM API providers"). Affected versions of this package are vulnerable to Command Injection via preview MCP server endpoints POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list. An attacker can execute arbitrary commands by accessin...

CVSS 8.8, AI score 6.2, EPSS 0.75873
Exploits: 1, References: 2
Snyk, added 2026/04/20 10:00 p.m.

Embedded Malicious Code

Overview: pgserve (package description: "Embedded PostgreSQL server with true concurrent connections - zero config, auto-provision databases"). Affected versions of this package are vulnerable to Embedded Malicious Code that injects a credential-harvesting script that runs via postinstall on every npm install. It...

CVSS 9.8, AI score 5.4
Exploits: 0, References: 2
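The pgserve entry above and the run of impersonating packages earlier on this page (apple-cloudkit-internal, cktool.api and the rest) share the execution vector that makes a malicious npm package dangerous at install time: a lifecycle hook in package.json runs arbitrary code on every `npm install`. The following is an added example, not code from Snyk or any of the packages named on this page, of an inventory pass a practitioner can run over an installed tree to list every package that declares such a hook. The sample node_modules tree, the package names in it and the hook commands are constructed for this example.

```python
"""List packages in a node_modules tree that declare install lifecycle hooks.

Added example, not code from any package on this page. The sample tree built
by demo() is constructed; 'evil-example' stands in for a package like the
pgserve release above, whose payload runs from postinstall.
"""
import json
import tempfile
from pathlib import Path
from typing import Dict, List

# Scripts npm runs without the user asking for them during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def _is_package_root(manifest: Path) -> bool:
    """True for <node_modules>/<pkg>/package.json and <node_modules>/@scope/<pkg>/package.json.

    Nested node_modules directories are handled the same way, and package.json
    files deeper inside a package (fixtures, examples) are ignored.
    """
    pkg = manifest.parent
    if pkg.parent.name == "node_modules":
        return True
    return pkg.parent.name.startswith("@") and pkg.parent.parent.name == "node_modules"


def find_install_hooks(node_modules: Path) -> List[Dict]:
    """Return one record per installed package that declares an install hook."""
    findings = []
    for manifest in sorted(node_modules.rglob("package.json")):
        if not _is_package_root(manifest):
            continue
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (ValueError, OSError):
            continue  # unreadable or malformed manifest: not a hook, but worth a look elsewhere
        scripts = data.get("scripts") or {}
        hooks = {k: scripts[k] for k in INSTALL_HOOKS if k in scripts}
        if hooks:
            findings.append({
                "name": data.get("name", manifest.parent.name),
                "version": data.get("version", "?"),
                "hooks": hooks,
                "path": str(manifest.parent.relative_to(node_modules)),
            })
    return findings


def _write_manifest(pkg_dir: Path, manifest: dict) -> None:
    pkg_dir.mkdir(parents=True, exist_ok=True)
    (pkg_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")


def demo() -> List[str]:
    """Constructed tree: one clean package, one scoped clean package, one with a postinstall hook."""
    with tempfile.TemporaryDirectory() as tmp:
        nm = Path(tmp) / "node_modules"
        _write_manifest(nm / "left-pad-example", {"name": "left-pad-example", "version": "1.0.0",
                                                  "scripts": {"test": "node test.js"}})
        _write_manifest(nm / "@scope" / "clean-example", {"name": "@scope/clean-example", "version": "2.0.0"})
        _write_manifest(nm / "evil-example", {"name": "evil-example", "version": "0.0.3",
                                              "scripts": {"postinstall": "node ./collect.js"}})
        # A package.json nested inside a package's fixtures must not be reported.
        _write_manifest(nm / "left-pad-example" / "test" / "fixture",
                        {"name": "fixture", "scripts": {"postinstall": "echo not-a-real-package"}})
        return [f"{r['name']}@{r['version']}: {r['hooks']}" for r in find_install_hooks(nm)]
```

Running the inventory on a freshly resolved tree gives a list short enough to review by hand, and the same `package.json` fields are what `npm install --ignore-scripts` (or `npm config set ignore-scripts true`) suppresses; packages that genuinely need a build step then have to be allowed explicitly, which is the point.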
Snyk, added 2026/04/20 10:00 p.m.

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the managed authenticated encryptor while computing HMAC validation tag. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Note: Shared framework...

CVSS 9.1, AI score 5.9, EPSS 0.11205
Exploits: 0, References: 2
Snyk, added 2026/04/20 9:11 p.m.

Command Injection

Overview: flowsint (package description: "Add your description here"). Affected versions of this package are vulnerable to Command Injection via the orgtoasn transform process. An attacker can execute arbitrary operating system commands as root on the host machine by supplying shell metacharacters and escaping the...

CVSS 10, AI score 6.1, EPSS 0.00506
Exploits: 1, References: 2
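The flowsint entry above is the classic shape of OS command injection: an operator-supplied value (here an organisation name for the orgtoasn transform) is spliced into a command string that a shell then parses. The following is an added example, not flowsint's code, that puts the vulnerable construction beside the hardened one. The lookup command is stood in for by `echo` so it runs offline; the function names, the allowlist and the payload are constructed for this example.

```python
"""Shell metacharacter injection through a transform argument: vulnerable vs. hardened.

Added example, not flowsint's code. `echo` stands in for the external lookup
tool so the two constructions can be compared offline.
"""
import subprocess


def run_transform_vulnerable(org: str) -> str:
    """String interpolation into a shell command line.

    Everything in `org` is parsed by /bin/sh, so ';', '|', '$(...)' and
    backticks in the value become additional commands.
    """
    proc = subprocess.run(f"echo lookup {org}", shell=True, capture_output=True, text=True)
    return proc.stdout


def validate_org(org: str) -> str:
    """Allowlist the value before it reaches any command.

    Input validation is the second layer, not a replacement for dropping the
    shell: even with an argv list, a leading '-' could still be read as an
    option by the called program.
    """
    if not org or len(org) > 64 or org.startswith("-"):
        raise ValueError("organisation name rejected")
    if not all(c.isalnum() or c in " ._-" for c in org):
        raise ValueError("organisation name contains characters outside the allowlist")
    return org


def run_transform_safe(org: str) -> str:
    """argv list with no shell: `org` is exactly one argument, however it is spelled."""
    proc = subprocess.run(["echo", "lookup", validate_org(org)], capture_output=True, text=True)
    return proc.stdout


def compare(payload: str) -> dict:
    """Run both forms on the same payload and report what each one executed."""
    try:
        safe = run_transform_safe(payload)
    except ValueError as exc:
        safe = f"rejected: {exc}"
    return {"vulnerable": run_transform_vulnerable(payload), "safe": safe}
```

With the payload `acme; echo INJECTED` the vulnerable form prints two lines because the shell ran two commands; the hardened form never reaches the command at all because the allowlist rejects the semicolon, and if it did reach it, the whole string would be passed to `echo` as a single argument.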
Snyk, added 2026/04/20 9:00 p.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Optimizer. Remediation: Upgrade libmysqlclient to version 8.1.0 or higher. References: Oracle Security Advisory; Red Hat Bugzilla Bug...

CVSS 6.9, AI score 7.9, EPSS 0.00323
Exploits: 0, References: 2
Snyk, added 2026/04/20 8:12 p.m.

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview: aws-encryption-sdk (package description: "AWS Encryption SDK implementation for Python"). Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') via the shared key cache. An attacker can bypass key commitment policy enforcement by...

CVSS 5.7, AI score 5.7, EPSS 0.00096
Exploits: 0, References: 2
Snyk, added 2026/04/20 7:31 p.m.

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack via the setkey and unsetkey functions. An attacker can overwrite arbitrary files by creating a crafted symbolic link that is followed during a cross-device rename fallback. PoC (python): import os import sys import tempfile...

CVSS 7.1, AI score 5.9, EPSS 0.00236
Exploits: 1, References: 2
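The symlink entry above turns on a detail that is easy to miss in review: `os.rename` across filesystems fails with EXDEV, and the natural fallback (read the source, open the destination for writing, copy) follows whatever symlink already sits at the destination path. The following is an added example, not the affected package's code and not its PoC, showing that fallback in its symlink-following form next to a form that replaces the directory entry instead of writing through it. The key-store filenames and the victim file are constructed for this example.

```python
"""Cross-device rename fallback: symlink-following vs. symlink-safe.

Added example, not the affected package's code. Both functions model what a
key store might do after os.rename() raises EXDEV; demo() plants a symlink at
the destination to show which file each one actually writes.
"""
import os
import tempfile
from pathlib import Path
from typing import Callable, Tuple


def fallback_copy_unsafe(src: Path, dst: Path) -> None:
    """open(dst, 'wb') resolves an existing symlink at dst, so whoever planted
    the link chooses which file receives the new contents."""
    data = src.read_bytes()
    with open(dst, "wb") as f:
        f.write(data)
    src.unlink()


def fallback_copy_safe(src: Path, dst: Path) -> None:
    """Write to a fresh O_EXCL temp file in dst's directory, then os.replace().

    mkstemp never opens a pre-existing path, and rename(2) swaps the directory
    entry at dst without dereferencing what it currently points to, so a
    planted symlink is replaced by the new regular file, not followed.
    """
    data = src.read_bytes()
    fd, tmp = tempfile.mkstemp(prefix=".keystore-", dir=dst.parent)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, dst)
    except BaseException:
        os.unlink(tmp)
        raise
    src.unlink()


def demo(copy: Callable[[Path, Path], None]) -> Tuple[bytes, bool, bytes]:
    """Plant dst -> victim and run the given fallback.

    Returns (victim contents afterwards, whether dst is still a symlink,
    contents read through dst).
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        victim = root / "victim.conf"
        victim.write_bytes(b"original")
        src = root / "staging" / "new-key"
        src.parent.mkdir()
        src.write_bytes(b"KEYDATA")
        dst = root / "keys" / "api.key"
        dst.parent.mkdir()
        os.symlink(victim, dst)  # the attacker's planted link
        copy(src, dst)
        return victim.read_bytes(), dst.is_symlink(), dst.read_bytes()
```

A production version would also carry the source file's mode across with `os.fchmod` on the temp file before the replace, and would apply the same temp-then-replace discipline to the unsetkey path rather than unlinking through a possibly-linked name. The example uses one filesystem because the point is the fallback's behaviour at the destination, which does not depend on where the source lives.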
Snyk, added 2026/04/20 7:31 p.m.

Directory Traversal

Overview: openmage/magento-lts (package description: "This repository is the home of an unofficial community-driven project."). Affected versions of this package are vulnerable to Directory Traversal through the files request parameter in the dataflow import parsers. An attacker with administrative privileges can read...

CVSS 8.5, AI score 6.6, EPSS 0.00502
Exploits: 1, References: 3