Lucene search
K

32851 matches found

Snyk
Snyk
added 2026/04/18 12:46 a.m.4 views

Incomplete List of Disallowed Inputs

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute arbitrary code on the...

9.8CVSS6.3AI score0.00464EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/18 12:46 a.m.6 views

Incomplete List of Disallowed Inputs

Overview flowise-ui is a Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute arbitrary code on the server by...

9.8CVSS6.3AI score0.00464EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/18 12:45 a.m.5 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in the ptpunpackSonyDPD function. An attacker can cause increased memory consumption and potential denial of service by repeatedly triggering property descriptor parsing that leads to...

4.3CVSS5.7AI score0.00181EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/18 12:45 a.m.7 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ptpunpackDPV function when handling UINT128 and INT128 types. An attacker can cause sensitive information disclosure or application crash by providing a crafted buffer that does not contain enough bytes, leadin...

5.2CVSS5.9AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 11:40 p.m.7 views

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the ParseHttpHeaders process. An attacker can cause the application to read memory outside the bounds of the allocated HTTP request buffer by sending a specially crafted SOAPAction header containi...

9.1CVSS5.9AI score0.00674EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:42 p.m.10 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1CVSS5.5AI score0.00209EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:42 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1CVSS5.5AI score0.00209EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:42 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1CVSS5.9AI score0.00209EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:42 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1CVSS5.9AI score0.00209EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:42 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1CVSS5.9AI score0.00209EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:42 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1CVSS5.5AI score0.00209EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:41 p.m.3 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the endpoints.GetSessionCookie function. An attacker can exhaust system memory resources by sending specially crafted requests containing a large cookie chunk count, resulting in unbounded...

8.7CVSS5.8AI score0.00453EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:41 p.m.4 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the endpoints.GetSessionCookie function. An attacker can exhaust system memory resources by sending specially crafted requests containing a large cookie chunk count, resulting in unbounded...

8.7CVSS5.8AI score0.00453EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:41 p.m.9 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the endpoints.GetSessionCookie function. An attacker can exhaust system memory resources by sending specially crafted requests containing a large cookie chunk count, resulting in unbounded...

8.7CVSS5.5AI score0.00453EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:41 p.m.4 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the endpoints.GetSessionCookie function. An attacker can exhaust system memory resources by sending specially crafted requests containing a large cookie chunk count, resulting in unbounded...

8.7CVSS5.5AI score0.00453EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:41 p.m.6 views

Incorrect Ownership Assignment

Overview Affected versions of this package are vulnerable to Incorrect Ownership Assignment through improper validation of the defaultGroup ID after group access revocation. An attacker can gain unauthorized access to group collections and perform full CRUD operations by omitting the X-Tenant...

8.6CVSS5.5AI score0.00247EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:41 p.m.4 views

Incorrect Ownership Assignment

Overview Affected versions of this package are vulnerable to Incorrect Ownership Assignment through improper validation of the defaultGroup ID after group access revocation. An attacker can gain unauthorized access to group collections and perform full CRUD operations by omitting the X-Tenant...

8.6CVSS5.5AI score0.00247EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:41 p.m.7 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the getbyteinc function during CBOR parsing in OSCORE negotiation. An attacker can access sensitive memory contents or cause a heap buffer overflow by sending specially crafted CoAP requests with malformed OSCORE...

9.8CVSS5.7AI score0.00296EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:39 p.m.6 views

Incorrect Authorization

Overview @auth0/nextjs-auth0 is a Next.js SDK for signing in with Auth0 Affected versions of this package are vulnerable to Incorrect Authorization in the proxy cache fetcher. An attacker can gain unauthorized access to sensitive information or perform actions with insufficient authorization by...

6CVSS5.7AI score0.00214EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:33 p.m.4 views

Command Injection

Overview studio-42/elfinder is an open-source file manager for web, written in JavaScript using jQuery UI. Affected versions of this package are vulnerable to Command Injection via the resize process when the bg parameter is supplied by a user and is not properly sanitized before being incorporat...

9.8CVSS6.1AI score0.01567EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:33 p.m.5 views

External Control of File Name or Path

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to External Control of File Name or Path via improper validation of file paths in the media embedding. An attacker can access arbitrary files on the host system or trigger network credential...

7.1CVSS5.9AI score0.00264EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 10:32 p.m.1 views

Insecure Default Initialization of Resource

Overview @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via improper validation of the encryptKey configuration and blank callback tokens. An attacker can ga...

9.8CVSS5.8AI score0.00718EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/17 10:32 p.m.4 views

Use of a Key Past its Expiration Date

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to the reuse of a previously resolved bearer authentication configuration in the gateway after a SecretRef rotation. An attacker can maintain...

9.8CVSS5.8AI score0.0054EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/17 10:31 p.m.10 views

Arbitrary Code Injection

Overview org.webjars.npm:math-codegen is a Generates code from mathematical expressions Affected versions of this package are vulnerable to Arbitrary Code Injection via the parse function. An attacker can execute arbitrary code by supplying crafted input that is injected directly into a dynamical...

9.8CVSS6.2AI score0.00393EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:31 p.m.9 views

Arbitrary Code Injection

Overview math-codegen is a Generates code from mathematical expressions Affected versions of this package are vulnerable to Arbitrary Code Injection via the parse function. An attacker can execute arbitrary code by supplying crafted input that is injected directly into a dynamically created...

9.8CVSS6.2AI score0.00393EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:31 p.m.5 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the advertisedReferences function. The headers - including Authorization headers - from an initial /info/refs request are forwarded to redirect targets. An attacker can obtain authentication...

7.4CVSS5.8AI score0.00259EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:31 p.m.7 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the advertisedReferences function. The headers - including Authorization headers - from an initial /info/refs request are forwarded to redirect targets. An attacker can obtain authentication...

7.4CVSS5.8AI score0.00259EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:31 p.m.9 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the advertisedReferences function. The headers - including Authorization headers - from an initial /info/refs request are forwarded to redirect targets. An attacker can obtain authentication...

7.4CVSS5.8AI score0.00259EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:30 p.m.4 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the TokenAuthenticator process. An attacker can determine valid usernames by measuring response time differences when submitting authentication requests with the X-AUTH-USER header. Remediation Upgrade kimai/kimai to...

6.3CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:24 p.m.6 views

SQL Injection

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to SQL Injection in the handling of the tableprefix and schema parameters in multiple conversation store backends, where these values are...

8.6CVSS6.4AI score0.00347EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/17 10:24 p.m.5 views

SQL Injection

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.6CVSS6.4AI score0.00347EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/17 10:23 p.m.11 views

Command Injection

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.8CVSS6.2AI score0.00541EPSS
Exploits2References2
Snyk
Snyk
added 2026/04/17 10:21 p.m.7 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the findTempDir and copyAgent processes. An attacker can overwrite arbitrary files on the host system by controlling the TMPDIR environment variable in a Java process and leveraging symlink manipulation. This is only...

8.4CVSS5.9AI score0.00194EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/17 10:21 p.m.5 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the findTempDir and copyAgent processes. An attacker can overwrite arbitrary files on the host system by controlling the TMPDIR environment variable in a Java process and leveraging symlink manipulation. This is only...

8.4CVSS6AI score0.00194EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/17 10:20 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...

8.6CVSS5.8AI score0.00325EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 10:20 p.m.3 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...

8.6CVSS5.8AI score0.00325EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 10:20 p.m.2 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...

8.6CVSS5.8AI score0.00325EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 10:20 p.m.3 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...

8.6CVSS5.8AI score0.00325EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 10:20 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...

8.6CVSS5.8AI score0.00325EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 10:20 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...

8.6CVSS5.8AI score0.00325EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 10:20 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...

8.6CVSS5.8AI score0.00325EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 10:18 p.m.4 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webSocketDebuggerUrl field in the /json/version response. An attacker can cause the application to initiate connections to arbitrary, potentially...

9.1CVSS5.8AI score0.00265EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:17 p.m.5 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the host-media attachment read helper. An attacker can access unauthorized local files by bypassing sender or group-scoped policy restrictions through the...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:17 p.m.5 views

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the outbound media handling. An attacker can access arbitrary local files by referencing host-local paths outside the intended media storage boundary in reply text...

9.6CVSS6.4AI score0.00369EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:16 p.m.3 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the exec approval binding. An attacker can bypass intended approval mechanisms and execute unauthorized applets or scripts by leveraging opaque multi-call...

8.8CVSS5.8AI score0.00356EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:15 p.m.2 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the operator.write message-tool. An attacker can modify persistent Matrix profile configuration without proper authorization by sending crafted requests throug...

7.6CVSS5.7AI score0.00295EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 10:15 p.m.13 views

Incorrect Authorization

Overview @openclaw/matrix is an OpenClaw Matrix channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the operator.write message-tool. An attacker can modify persistent Matrix profile configuration without proper authorization by sending crafted requests...

7.6CVSS5.8AI score0.00295EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 10:14 p.m.7 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via host=node override in the routing execution. An attacker can bypass intended sandbox restrictions and execute code on a remote node by manipulating the routing...

9.9CVSS6AI score0.00347EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:12 p.m.9 views

Unsafe Dependency Resolution

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the authentication setup. An attacker can cause untrusted workspace plugins to be auto-enabled by leveraging non-interactive onboarding that selects a...

8.8CVSS5.7AI score0.00381EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:0 p.m.7 views

Incorrect Authorization

Overview @openclaw/nostr is an OpenClaw Nostr channel plugin for NIP-04 encrypted DMs Affected versions of this package are vulnerable to Incorrect Authorization through the operator.write configuration. An attacker can modify and persist unauthorized profile configurations by sending crafted HTT...

6.5CVSS5.8AI score0.00218EPSS
Exploits0References3
Total number of security vulnerabilities32851