32882 matches found

Snyk
added 2026/04/14 11:31 p.m. | 6 views

Out-of-bounds Read

Overview Magick.NET-Q8-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8 CVSS | 5.8 AI score
Exploits 0 | References 2

Snyk
added 2026/04/14 11:31 p.m. | 9 views

Out-of-bounds Read

Overview Magick.NET-Q8-AnyCPU is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8 CVSS | 5.8 AI score
Exploits 0 | References 2

Snyk
added 2026/04/14 11:31 p.m. | 6 views

Out-of-bounds Read

Overview Magick.NET-Q16-x86 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8 CVSS | 5.8 AI score
Exploits 0 | References 2

Snyk
added 2026/04/14 11:31 p.m. | 6 views

Out-of-bounds Read

Overview Magick.NET-Q16-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8 CVSS | 5.8 AI score
Exploits 0 | References 2

Snyk
added 2026/04/14 11:31 p.m. | 5 views

Out-of-bounds Read

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

4.8 CVSS | 5.8 AI score
Exploits 0 | References 2

Snyk
added 2026/04/14 11:31 p.m. | 6 views

Out-of-bounds Read

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

4.8 CVSS | 5.8 AI score
Exploits 0 | References 2

Snyk
added 2026/04/14 11:31 p.m. | 6 views

Out-of-bounds Read

Overview Magick.NET-Q8-x86 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8 CVSS | 5.8 AI score
Exploits 0 | References 2

Snyk
added 2026/04/14 11:31 p.m. | 5 views

Out-of-bounds Read

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

4.8 CVSS | 5.8 AI score
Exploits 0 | References 2

Snyk
added 2026/04/14 11:31 p.m. | 7 views

Out-of-bounds Read

Overview Magick.NET-Q16-AnyCPU is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8 CVSS | 5.8 AI score
Exploits 0 | References 2

Snyk
added 2026/04/14 11:31 p.m. | 8 views

Out-of-bounds Read

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

4.8 CVSS | 5.8 AI score
Exploits 0 | References 2

Snyk
added 2026/04/14 11:31 p.m. | 7 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the EncryptedXml class. An attacker can cause excessive resource consumption by providing specially crafted XML input. Details XXE Injection is a type of attack against an application that parses XM...

8.7 CVSS | 6.3 AI score | 0.01753 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:30 p.m. | 11 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the EncryptedXml class. An attacker can cause an infinite loop and exhaust system resources by submitting specially crafted XML data. Note: The patch in version 10.0.6 introduced a regression and users are strongly...

8.7 CVSS | 6.4 AI score | 0.02142 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:27 p.m. | 11 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7 CVSS | 6.2 AI score | 0.02279 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:27 p.m. | 7 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7 CVSS | 6.2 AI score | 0.02279 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:27 p.m. | 4 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7 CVSS | 6.2 AI score | 0.02279 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:27 p.m. | 6 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7 CVSS | 6.2 AI score | 0.02279 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:27 p.m. | 10 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7 CVSS | 6.2 AI score | 0.02279 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:27 p.m. | 13 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7 CVSS | 6.2 AI score | 0.02279 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:27 p.m. | 5 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7 CVSS | 6.2 AI score | 0.02279 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:27 p.m. | 6 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7 CVSS | 6.2 AI score | 0.02279 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:27 p.m. | 4 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7 CVSS | 6.2 AI score | 0.02279 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:27 p.m. | 4 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7 CVSS | 6.2 AI score | 0.02279 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:27 p.m. | 8 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7 CVSS | 6.2 AI score | 0.02279 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:27 p.m. | 5 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7 CVSS | 6.2 AI score | 0.02279 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:27 p.m. | 7 views

Command Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Command Injection via unsanitized input to the wget function. An attacker can execute arbitrary system commands by supplying crafted input containing shell...

9.3 CVSS | 6 AI score | 0.00335 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/14 11:25 p.m. | 4 views

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS in the ParsedownSafeWithLinks process. An attacker can execute arbitrary JavaScript in the context of another user's browser session by...

5.9 CVSS | 5.7 AI score | 0.00216 EPSS
Exploits 2 | References 2

Snyk
added 2026/04/14 11:23 p.m. | 7 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the trygetcontentsfromlocal function. An attacker can access arbitrary files on the server filesystem by supplying specially crafted URLs...

7.1 CVSS | 6.3 AI score | 0.00718 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/14 11:22 p.m. | 13 views

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS in the isValidDuration function due to insufficient input validation of the duration parameter, which allows arbitrary HTML or JavaScript ...

5.4 CVSS | 5.7 AI score | 0.00173 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/14 11:22 p.m. | 8 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isSSRFSafeURL function. An attacker can access internal services and exfiltrate sensitive data by supplying a crafted URL...

7.7 CVSS | 5.8 AI score | 0.003 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/14 11:21 p.m. | 5 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the deleteDump parameter in the cloneServer.json.php process. An attacker can delete arbitrary files on the server by supplying path...

8.1 CVSS | 6.4 AI score | 0.00469 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/14 11:18 p.m. | 8 views

Origin Validation Error

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Origin Validation Error in the CORS handling process. An attacker can access sensitive authenticated API responses, including user profile data, email, admin statu...

7.1 CVSS | 5.8 AI score | 0.00132 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/14 11:18 p.m. | 9 views

Permissive Cross-domain Policy with Untrusted Domains

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the allowOrigin function. An attacker can access sensitive user data and perform unauthorized actions by...

8.6 CVSS | 5.7 AI score | 0.00335 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/14 11:15 p.m. | 5 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the plugin/LiveLinks/proxy.php process. An attacker can access internal services or sensitive endpoints by exploiting a DN...

8.8 CVSS | 5.8 AI score | 0.00377 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/14 11:14 p.m. | 5 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the validateTokenWithContext function. An attacker can obtain sensitive authentication tokens by accessing debug-level application logs or connected log aggregation systems, and...

8.7 CVSS | 5.8 AI score | 0.00308 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:13 p.m. | 3 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview giskard-checks is an Add your description here Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the rule parameter in the ConformityCheck class. An attacker can execute arbitrary code by supplying malicious...

7.8 CVSS | 6.2 AI score | 0.00144 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:13 p.m. | 6 views

Regular Expression Denial of Service (ReDoS)

Overview giskard-checks is an Add your description here Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the re.search file. An attacker can cause the process to hang and impact system availability by supplying a crafted regular expression pattern ...

5.5 CVSS | 5.8 AI score | 0.00149 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:13 p.m. | 12 views

Guessable CAPTCHA

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Guessable CAPTCHA through the getCaptcha.php process, which allows external control over the CAPTCHA length parameter without proper validation. An attacker can...

6.9 CVSS | 5.8 AI score
Exploits 0 | References 2

Snyk
added 2026/04/14 11:13 p.m. | 6 views

Cross-site Request Forgery (CSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the commentDelete.json.php endpoint, which lacks proper validation of request origin and does not require a CSRF token. An...

5.4 CVSS | 5.7 AI score
Exploits 0 | References 2

Snyk
added 2026/04/14 11:12 p.m. | 6 views

Cross-site Request Forgery (CSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the handling of JSON endpoints that process state-changing requests without verifying the origin or requiring an anti-CSRF token...

5.4 CVSS | 5.8 AI score | 0.00115 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/14 11:12 p.m. | 5 views

Cross-site Request Forgery (CSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the handling of certain admin JSON endpoints, specifically categoryAddNew.json.php, categoryDelete.json.php, and...

7.1 CVSS | 6 AI score | 0.00166 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/14 11:12 p.m. | 10 views

Cross-site Request Forgery (CSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the configurationUpdate.json.php process. An attacker can gain full control over site configuration, inject arbitrary HTML into...

8.7 CVSS | 5.8 AI score | 0.00173 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/14 11:11 p.m. | 5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /SyncPlay/New endpoint. An attacker can exhaust system memory and disrupt service availability by submitting excessively large SyncPlay group names in POST requests to the...

7.1 CVSS | 5.8 AI score | 0.0026 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:11 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview Jellyfin.Common is a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the POST /LiveTv/TunerHosts endpoint when the tuner URL is not properly validated. An...

9.6 CVSS | 5.9 AI score | 0.00312 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/14 11:11 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the POST /LiveTv/TunerHosts endpoint when the tuner URL is not properly validated. An attacker can read arbitrary local files and perform unauthorized requests to internal or external systems by...

9.6 CVSS | 5.8 AI score | 0.00312 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/14 11:11 p.m. | 5 views

Insufficient Session Expiration

Overview github.com/oauth2-proxy/oauth2-proxy/v7 is a reverse proxy that provides authentication with Google, Github or other providers. Affected versions of this package are vulnerable to Insufficient Session Expiration through the SignInPage handler in oauthproxy.go. An attacker can keep a...

6.9 CVSS | 5.8 AI score | 0.00183 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/14 11:11 p.m. | 5 views

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the ParseStreamOptions method. An attacker can access arbitrary files on the server and exfiltrate their contents by injecting malicious arguments into the StreamOptions query parameter, which are then...

9.3 CVSS | 5.9 AI score | 0.00319 EPSS
Exploits 0 | References 3

Snyk
added 2026/04/14 11:9 p.m. | 3 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path in the POST /Videos/itemId/Subtitles endpoint due to insufficient validation of the Format field, which allows path traversal via the file extension and enables arbitrary file write. An attacker can...

9.9 CVSS | 5.9 AI score | 0.00753 EPSS
Exploits 1 | References 3

Snyk
added 2026/04/14 10:50 p.m. | 3 views

Arbitrary Code Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Arbitrary Code Injection via the msg and callback fields in relayed WebSocket messages, which are processed by client-side eval sinks. An attacker can execute...

10 CVSS | 6.1 AI score | 0.00645 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/14 10:49 p.m. | 12 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the locale/save.php process. An attacker can write arbitrary PHP files to any web-accessible directory and execute code by supplying crafte...

8.7 CVSS | 6.5 AI score | 0.00656 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/14 10:49 p.m. | 4 views

Active Debug Code

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Active Debug Code via the git.json.php script, which executes a shell command and returns sensitive information as JSON to any unauthenticated user. An attacker ca...

6.9 CVSS | 5.8 AI score
Exploits 0 | References 2

Total number of security vulnerabilities: 32882