Lucene search
K

33203 matches found

Snyk
Snyk
added 2026/04/15 6:31 p.m.10 views

Prototype Pollution

Overview protocol-buffers-schema is a No nonsense protocol buffers schema parser written in Javascript Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can modify object prototypes, potentially altering application logic, bypassing securi...

6.9CVSS6.3AI score0.00534EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 6:24 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the query plugin. An attacker can gain unauthorized access to resources belonging to other organizations by executing VQL queries with their current ACL token, thereby inheriting their permissions across...

9.1CVSS5.7AI score0.00224EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 6:24 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the query plugin. An attacker can gain unauthorized access to resources belonging to other organizations by executing VQL queries with their current ACL token, thereby inheriting their permissions across...

9.1CVSS5.7AI score0.00224EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 6:24 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the query plugin. An attacker can gain unauthorized access to resources belonging to other organizations by executing VQL queries with their current ACL token, thereby inheriting their permissions across...

9.1CVSS5.7AI score0.00224EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 6:24 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the query plugin. An attacker can gain unauthorized access to resources belonging to other organizations by executing VQL queries with their current ACL token, thereby inheriting their permissions across...

9.1CVSS5.7AI score0.00224EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 6:24 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the query plugin. An attacker can gain unauthorized access to resources belonging to other organizations by executing VQL queries with their current ACL token, thereby inheriting their permissions across...

9.1CVSS5.7AI score0.00224EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 6:24 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the query plugin. An attacker can gain unauthorized access to resources belonging to other organizations by executing VQL queries with their current ACL token, thereby inheriting their permissions across...

9.1CVSS5.7AI score0.00224EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 4:11 p.m.5 views

Arbitrary Code Injection

Overview upsonic is a Task oriented AI agent framework for digital workers and vertical AI agents Affected versions of this package are vulnerable to Arbitrary Code Injection via the MCP server task creation functionality. An attacker can execute arbitrary operating system commands with the...

9.8CVSS6AI score0.00974EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 4:11 p.m.5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via “Contact Point Writer” role that by default grants permission to alert.notifications:write or alert.notifications.receivers:test actions. An attacker can gain unauthorized access to sensitive configuration data,...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 4:11 p.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via “Contact Point Writer” role that by default grants permission to alert.notifications:write or alert.notifications.receivers:test actions. An attacker can gain unauthorized access to sensitive configuration data,...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 4:11 p.m.5 views

Arbitrary Code Injection

Overview langchain-chatchat is a Langchain-Chatchat formerly langchain-ChatGLM, local knowledge based LLM like ChatGLM, Qwen and Llama RAG and Agent app with langchain Affected versions of this package are vulnerable to Arbitrary Code Injection via the MCP STDIO server configuration and execution...

8.6CVSS6.2AI score0.00472EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 3:31 p.m.5 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data for the accesskey and connectionstring properties, which were not properly masked as sensitive information. An attacker can obtain confidential credentials by accessing the Connection UI...

6.5CVSS5.8AI score0.00552EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/15 2:59 p.m.4 views

Malicious Package

Overview tensorzero-node is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/04/15 2:59 p.m.5 views

Malicious Package

Overview tether-wrk-base is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/04/15 2:57 p.m.4 views

Malicious Package

Overview fusion-events is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/04/15 2:57 p.m.6 views

Malicious Package

Overview vs-supplier-portal-web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/04/15 2:57 p.m.4 views

Malicious Package

Overview base-counter-web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/04/15 2:19 p.m.6 views

Malicious Package

Overview @pnc-cib/cib-core-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/04/15 1:56 p.m.6 views

Malicious Package

Overview laserlogsink is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/04/15 1:49 p.m.4 views

Malicious Package

Overview com.baogong.apppushpermission is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/04/15 12:34 p.m.6 views

Authorization Bypass Through User-Controlled Key

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the ResourceService in the resource management API. An...

7.6CVSS5.8AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 12:11 p.m.5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /debugging/config/dump endpoint if there are second level Properties objects in the configuration. An attacker can obtain sensitive configuration details, including database credentials, by sending requests ...

7.5CVSS5.7AI score0.00544EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 11:15 a.m.6 views

Interpretation Conflict

Overview @fastify/express is an Express compatibility layer for Fastify Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of middleware paths in the onRegister function. An attacker can gain unauthorized access to protected routes by exploiting t...

9.3CVSS5.7AI score0.0043EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/15 11:15 a.m.4 views

Interpretation Conflict

Overview @fastify/express is an Express compatibility layer for Fastify Affected versions of this package are vulnerable to Interpretation Conflict via improper URL normalization gaps. An attacker can gain unauthorized access to protected routes by manipulating the URL path with duplicate slashes...

9.1CVSS5.7AI score0.00483EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/15 11:15 a.m.6 views

HTTP Header Injection

Overview @fastify/http-proxy is a proxy http requests, for Fastify Affected versions of this package are vulnerable to HTTP Header Injection via improper handling of the Connection header after proxy-added headers have been set. An attacker can remove headers intended for routing, access control,...

9CVSS5.8AI score0.00441EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/15 11:15 a.m.6 views

HTTP Header Injection

Overview @fastify/reply-from is a forward your HTTP request to another server, for fastify Affected versions of this package are vulnerable to HTTP Header Injection via improper handling of the Connection header after proxy-added headers have been set. An attacker can remove headers intended for...

9CVSS5.8AI score0.00441EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/15 11:15 a.m.7 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the authentication process. An attacker can modify a user's authentication method by tricking the user into visiting a malicious page. Remediation Upgrade...

8.1CVSS5.8AI score0.00129EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:16 a.m.7 views

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...

7.3CVSS5.7AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:16 a.m.7 views

LDAP Injection

Overview org.bouncycastle:bcprov-jdk15to18 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP searc...

7.3CVSS5.7AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:16 a.m.11 views

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...

7.3CVSS5.7AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:16 a.m.8 views

LDAP Injection

Overview org.bouncycastle:bcprov-jdk14 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search...

7.3CVSS5.7AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:16 a.m.6 views

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...

7.3CVSS5.7AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:16 a.m.6 views

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...

7.3CVSS5.7AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:16 a.m.9 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between encrypted plaintext blocks by driving the cipher past its counter range and causing th...

9.3CVSS5.7AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:16 a.m.11 views

Use of a Broken or Risky Cryptographic Algorithm

Overview org.bouncycastle:bcprov-jdk15to18 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships betwee...

9.3CVSS5.7AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:16 a.m.7 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between encrypted plaintext blocks by driving the cipher past its counter range and causing th...

9.3CVSS5.7AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:16 a.m.13 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between encrypted plaintext blocks by driving the cipher past its counter range and causing th...

9.3CVSS5.7AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:16 a.m.12 views

Use of a Broken or Risky Cryptographic Algorithm

Overview org.bouncycastle:bcprov-jdk14 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between...

9.3CVSS5.7AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:16 a.m.9 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between encrypted plaintext blocks by driving the cipher past its counter range and causing th...

9.3CVSS5.7AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:13 a.m.5 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...

9.9CVSS5.7AI score0.00691EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/15 10:13 a.m.8 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...

9.9CVSS5.7AI score0.00691EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/15 10:13 a.m.6 views

Timing Attack

Overview org.bouncycastle:bcprov-jdk14 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by...

9.9CVSS5.7AI score0.00691EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/15 10:13 a.m.4 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...

9.9CVSS5.7AI score0.00691EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/15 10:13 a.m.4 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...

9.9CVSS5.7AI score0.00691EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/15 10:13 a.m.6 views

Timing Attack

Overview org.bouncycastle:bcprov-jdk15to18 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values ...

9.9CVSS5.7AI score0.00691EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/15 10:13 a.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

8.7CVSS5.7AI score0.00758EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:13 a.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

8.7CVSS5.7AI score0.00758EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:13 a.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

8.7CVSS5.7AI score0.00758EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:13 a.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

8.7CVSS5.7AI score0.00758EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:13 a.m.6 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

9.2CVSS5.7AI score0.00392EPSS
Exploits0References3
Total number of security vulnerabilities33203