33203 matches found

Snyk • added 2026/04/15 10:13 a.m. • 6 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

CVSS 8.7 | AI score 5.7 | EPSS 0.00758
Exploits 0 | References 2
Snyk • added 2026/04/15 10:13 a.m. • 4 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

CVSS 8.7 | AI score 5.7 | EPSS 0.00758
Exploits 0 | References 2
Snyk • added 2026/04/15 10:13 a.m. • 9 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verify(byte[] expected) function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

CVSS 9.2 | AI score 5.7 | EPSS 0.00392
Exploits 0 | References 3
Snyk • added 2026/04/15 10:13 a.m. • 7 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verify(byte[] expected) function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

CVSS 9.2 | AI score 5.7 | EPSS 0.00392
Exploits 0 | References 3
Snyk • added 2026/04/15 10:13 a.m. • 12 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verify(byte[] expected) function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

CVSS 9.2 | AI score 5.7 | EPSS 0.00392
Exploits 0 | References 3
Snyk • added 2026/04/15 10:13 a.m. • 9 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verify(byte[] expected) function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

CVSS 9.2 | AI score 5.7 | EPSS 0.00392
Exploits 0 | References 3
Snyk • added 2026/04/15 10:13 a.m. • 9 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verify(byte[] expected) function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

CVSS 9.2 | AI score 5.7 | EPSS 0.00392
Exploits 0 | References 3
Snyk • added 2026/04/15 3:14 a.m. • 8 views

Malicious Package

Overview: cw-isdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 | AI score 5.7
Exploits 0 | References 2
Snyk • added 2026/04/15 3:12 a.m. • 5 views

Malicious Package

Overview: snitz-chief-cloud-config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 5.7
Exploits 0 | References 2
Snyk • added 2026/04/15 3:12 a.m. • 4 views

Malicious Package

Overview: snitz-chief-cloud is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7
Exploits 0 | References 2
Snyk • added 2026/04/15 3:12 a.m. • 6 views

Malicious Package

Overview: chief-proxy-out is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7
Exploits 0 | References 2
Snyk • added 2026/04/15 3:12 a.m. • 5 views

Malicious Package

Overview: pdf-linker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 | AI score 5.7
Exploits 0 | References 2
Snyk • added 2026/04/15 3:12 a.m. • 3 views

Malicious Package

Overview: chief-documentation is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7
Exploits 0 | References 2
Snyk • added 2026/04/15 3:12 a.m. • 5 views

Malicious Package

Overview: moscova-plural-json-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 5.7
Exploits 0 | References 2
Snyk • added 2026/04/15 3:07 a.m. • 7 views

Malicious Package

Overview: mongoose-stamps is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7
Exploits 0 | References 2
Snyk • added 2026/04/15 3:02 a.m. • 7 views

Malicious Package

Overview: ahmedsalemph is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7
Exploits 0 | References 2
Snyk • added 2026/04/15 2:09 a.m. • 4 views

Improper Validation of Specified Type of Input

Overview: fastify is a low-overhead web framework for Node.js. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the schema.body.content when a space is prepended to the Content-Type header. An attacker can bypass input validation by sending...

CVSS 8.7 | AI score 5.7 | EPSS 0.00408
Exploits 0 | References 2
Snyk • added 2026/04/15 1:09 a.m. • 8 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...

CVSS 7.1 | AI score 6.4 | EPSS 0.0032
Exploits 0 | References 2
Snyk • added 2026/04/15 1:09 a.m. • 5 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...

CVSS 7.1 | AI score 6.4 | EPSS 0.0032
Exploits 0 | References 2
Snyk • added 2026/04/15 1:09 a.m. • 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...

CVSS 7.1 | AI score 6.4 | EPSS 0.0032
Exploits 0 | References 2
Snyk • added 2026/04/15 12:07 a.m. • 7 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection in the rules engine process. An attacker can execute arbitrary code on the server, read arbitrary files, steal environment variables including database credentials, and bypass multi-tenant isolation to access da...

CVSS 9.9 | AI score 6.3 | EPSS 0.00924
Exploits 2 | References 2
Snyk • added 2026/04/15 12:00 a.m. • 6 views

Directory Traversal

Overview: instructlab is a core package for interacting with InstructLab. Affected versions of this package are vulnerable to Directory Traversal via the chat session handler. An attacker can create new directories and write files to arbitrary locations on the system by manipulating the logsdir...

CVSS 8.4 | AI score 6.3 | EPSS 0.00164
Exploits 0 | References 2
Snyk • added 2026/04/14 11:42 p.m. • 7 views

Resource Injection

Overview: Affected versions of this package are vulnerable to Resource Injection in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can bypass intended validation by supplying specially crafted package metadata IDs or versions. Remediation: Upgrade...

CVSS 9.6 | AI score 5.8 | EPSS 0.00527
Exploits 0 | References 3
Snyk • added 2026/04/14 11:42 p.m. • 3 views

Resource Injection

Overview: NuGet.Packaging is NuGet's implementation for reading nupkg package and nuspec package specification files. Affected versions of this package are vulnerable to Resource Injection in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can bypass...

CVSS 9.6 | AI score 5.8 | EPSS 0.00527
Exploits 0 | References 3
Snyk • added 2026/04/14 11:42 p.m. • 6 views

Resource Injection

Overview: Affected versions of this package are vulnerable to Resource Injection in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can bypass intended validation by supplying specially crafted package metadata IDs or versions. Remediation: Upgrade...

CVSS 9.6 | AI score 5.7 | EPSS 0.00527
Exploits 0 | References 3
Snyk • added 2026/04/14 11:41 p.m. • 4 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in the VerifyTimestampResponse function when a forged certificate is prepended to the certificate bag. An attacker can bypass authorization checks by supplying a payload where the signature is validated...

CVSS 6.7 | AI score 5.3 | EPSS 0.00099
Exploits 0 | References 2
Snyk • added 2026/04/14 11:41 p.m. • 4 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in the VerifyTimestampResponse function when a forged certificate is prepended to the certificate bag. An attacker can bypass authorization checks by supplying a payload where the signature is validated...

CVSS 6.7 | AI score 5.3 | EPSS 0.00099
Exploits 0 | References 2
Snyk • added 2026/04/14 11:41 p.m. • 5 views

Infinite loop

Overview: iodine is a fast HTTP / WebSocket server with built-in Pub/Sub support (with or without Redis), static file support and many other features, optimized for Ruby MRI on Linux / BSD / macOS. Affected versions of this package are vulnerable to Infinite loop through the fio_json_parse function. A...

CVSS 8.7 | AI score 5.8 | EPSS 0.00294
Exploits 0 | References 2
Snyk • added 2026/04/14 11:40 p.m. • 6 views

Improper Authentication

Overview: github.com/minio/minio/cmd is an open source object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Improper Authentication via the PutObjectHandler and PutObjectPartHandler functions. An attacker can gain unauthorized write access to...

CVSS 8.8 | AI score 5.8 | EPSS 0.00349
Exploits 0 | References 2
Snyk • added 2026/04/14 11:39 p.m. • 7 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via multiple writer sinks such as serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata, and default value emission. An attacker can execute arbitra...

CVSS 7.8 | AI score 6.1 | EPSS 0.00421
Exploits 1 | References 2
Snyk • added 2026/04/14 11:39 p.m. • 3 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via multiple writer sinks such as serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata, and default value emission. An attacker can execute arbitra...

CVSS 7.8 | AI score 6.1 | EPSS 0.00421
Exploits 1 | References 2
Snyk • added 2026/04/14 11:39 p.m. • 5 views

Insufficient Session Expiration

Overview: pyload-ng is the free and open-source download manager written in pure Python. Affected versions of this package are vulnerable to Insufficient Session Expiration due to improper session management when user permissions are changed. An attacker can retain unauthorized access to resource...

CVSS 6.3 | AI score 5.8
Exploits 0 | References 2
Snyk • added 2026/04/14 11:38 p.m. • 8 views

Insufficient Session Expiration

Overview: pyload-ng is the free and open-source download manager written in pure Python. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the caching of user roles and permissions in the session at login, which are not refreshed after changes in the...

CVSS 8.8 | AI score 5.8 | EPSS 0.00325
Exploits 1 | References 2
Snyk • added 2026/04/14 11:36 p.m. • 9 views

Server-side Request Forgery (SSRF)

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the actionResourceJs process. An attacker can cause the server to make arbitrary HTTP requests by supplying a malicious Host header when the trustedHosts...

CVSS 7 | AI score 5.9 | EPSS 0.0026
Exploits 0 | References 2
Snyk • added 2026/04/14 11:35 p.m. • 6 views

Server-side Request Forgery (SSRF)

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the asset upload mutations process. An attacker can interact with internal services by supplying specially crafted URLs using unsupported schemes, such as...

CVSS 7 | AI score 5.7 | EPSS 0.00275
Exploits 0 | References 2
Snyk • added 2026/04/14 11:34 p.m. • 8 views

Missing Authorization

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization via the actionSavePermissions process. An attacker can remove all group memberships from arbitrary users by submitting an empty groups parameter, resulting in immediate...

CVSS 5.3 | AI score 5.9 | EPSS 0.00248
Exploits 0 | References 2
Snyk • added 2026/04/14 11:32 p.m. • 8 views

Missing Release of Memory after Effective Lifetime

Overview: Magick.NET-Q16-OpenMP-arm64 is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package...

CVSS 6.3 | AI score 5.8 | EPSS 0.00273
Exploits 0 | References 2
Snyk • added 2026/04/14 11:32 p.m. • 7 views

Missing Release of Memory after Effective Lifetime

Overview: Magick.NET-Q8-OpenMP-arm64 is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package...

CVSS 6.3 | AI score 5.8 | EPSS 0.00273
Exploits 0 | References 2
Snyk • added 2026/04/14 11:32 p.m. • 7 views

Missing Release of Memory after Effective Lifetime

Overview: Magick.NET-Q8-x64 is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package are...

CVSS 6.3 | AI score 5.8 | EPSS 0.00273
Exploits 0 | References 2
Snyk • added 2026/04/14 11:32 p.m. • 9 views

Missing Release of Memory after Effective Lifetime

Overview: Magick.NET-Q16-arm64 is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package are...

CVSS 6.3 | AI score 5.8 | EPSS 0.00273
Exploits 0 | References 2
Snyk • added 2026/04/14 11:32 p.m. • 6 views

Missing Release of Memory after Effective Lifetime

Overview: Magick.NET-Q16-HDRI-x64 is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package are...

CVSS 6.3 | AI score 5.8 | EPSS 0.00273
Exploits 0 | References 2
Snyk • added 2026/04/14 11:32 p.m. • 4 views

Missing Release of Memory after Effective Lifetime

Overview: Magick.NET-Q16-x86 is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package are...

CVSS 6.3 | AI score 5.8 | EPSS 0.00273
Exploits 0 | References 2
Snyk • added 2026/04/14 11:32 p.m. • 8 views

Missing Release of Memory after Effective Lifetime

Overview: Magick.NET-Q16-OpenMP-x64 is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package a...

CVSS 6.3 | AI score 5.8 | EPSS 0.00273
Exploits 0 | References 2
Snyk • added 2026/04/14 11:32 p.m. • 5 views

Missing Release of Memory after Effective Lifetime

Overview: Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this...

CVSS 6.3 | AI score 5.8 | EPSS 0.00273
Exploits 0 | References 2
Snyk • added 2026/04/14 11:32 p.m. • 9 views

Missing Release of Memory after Effective Lifetime

Overview: Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in the PNG encoder when writing an MNG image. An attacker can cause resource exhaustion by repeatedly triggering failures during image encoding. Remediation: A fix was pushed into the...

CVSS 6.3 | AI score 5.7 | EPSS 0.00273
Exploits 0 | References 2
Snyk • added 2026/04/14 11:32 p.m. • 6 views

Missing Release of Memory after Effective Lifetime

Overview: Magick.NET-Q16-HDRI-arm64 is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package a...

CVSS 6.3 | AI score 5.8 | EPSS 0.00273
Exploits 0 | References 2
Snyk • added 2026/04/14 11:32 p.m. • 2 views

Missing Release of Memory after Effective Lifetime

Overview: Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this...

CVSS 6.3 | AI score 5.8 | EPSS 0.00273
Exploits 0 | References 2
Snyk • added 2026/04/14 11:32 p.m. • 7 views

Missing Release of Memory after Effective Lifetime

Overview: Magick.NET-Q8-arm64 is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package are...

CVSS 6.3 | AI score 5.8 | EPSS 0.00273
Exploits 0 | References 2
Snyk • added 2026/04/14 11:32 p.m. • 6 views

Missing Release of Memory after Effective Lifetime

Overview: Magick.NET-Q8-AnyCPU is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package are...

CVSS 6.3 | AI score 5.8 | EPSS 0.00273
Exploits 0 | References 2
Snyk • added 2026/04/14 11:32 p.m. • 7 views

Missing Release of Memory after Effective Lifetime

Overview: Magick.NET-Q8-OpenMP-x64 is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package ar...

CVSS 6.3 | AI score 5.8 | EPSS 0.00273
Exploits 0 | References 2

Total number of security vulnerabilities: 33203