Lucene search
K

33229 matches found

Snyk
Snyk
added 2026/04/14 11:47 a.m.5 views

Malicious Package

Overview chatbotloader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.4 views

Malicious Package

Overview apmfe is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.7 views

Malicious Package

Overview okxglobal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.7 views

Malicious Package

Overview pinlogger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.5 views

Malicious Package

Overview okx-nav is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.6 views

Malicious Package

Overview okx-data is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.7 views

Malicious Package

Overview pinstatsd is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.7 views

Malicious Package

Overview bytefrontier-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.3 views

Malicious Package

Overview use-form-builder-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.4 views

Malicious Package

Overview vv-ftend-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.7 views

Malicious Package

Overview onewin-landing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.7 views

Malicious Package

Overview one-sdui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.6 views

Malicious Package

Overview ms-affiliate-links is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.7 views

Malicious Package

Overview use-feature-flags-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.7 views

Malicious Package

Overview partner-tracker-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.4 views

Malicious Package

Overview bytefrontier-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.7 views

Malicious Package

Overview bytefrontier-tracker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.5 views

Malicious Package

Overview bytefrontier is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.6 views

Malicious Package

Overview partner-tracker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.5 views

Malicious Package

Overview billing-paywidget is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.7 views

Malicious Package

Overview vv-ftend-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.4 views

Malicious Package

Overview bytefrontier-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.7 views

Malicious Package

Overview vip-landing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.5 views

Malicious Package

Overview bytefrontier-partner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:47 a.m.3 views

Malicious Package

Overview one-translations is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:38 a.m.11 views

Malicious Package

Overview tailwind-lines-clamp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:37 a.m.5 views

Malicious Package

Overview babel-plugin-blocks is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:37 a.m.6 views

Malicious Package

Overview pubnub-element is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:37 a.m.5 views

Malicious Package

Overview markdownlint-rule-link-pattern is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:37 a.m.5 views

Malicious Package

Overview seaport-core-16 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:31 a.m.4 views

Malicious Package

Overview magentaa11y is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:31 a.m.5 views

Malicious Package

Overview percy-cake-docker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 9:14 a.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in ExtractEmbeddedFiles. An attacker can write files to arbitrary locations outside the intended directory by crafting malicious PDF files that exploit improper handling of file path separators. Note: This issue...

6.5CVSS6.3AI score0.00886EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 4:4 a.m.8 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the getHostByName function in the v2 template engine. An attacker can cause sensitive data to be disclosed by crafting or updating templated resources that trigger DNS queries containing secret-derived values fr...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 1:11 a.m.5 views

Directory Traversal

Overview gdown is a Google Drive Public File/Folder Downloader Affected versions of this package are vulnerable to Directory Traversal via the extractall function. An attacker can overwrite arbitrary files on the file system by supplying a maliciously crafted ZIP or TAR archive containing path...

7.8CVSS6.3AI score0.00575EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/14 1:11 a.m.4 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the cross-domain redirects that do not strip custom authentication headers such as X-API-Key, X-Auth-Token, Api-Key, Token. An attacker can obtain sensitive...

7.7CVSS5.8AI score0.00486EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 1:11 a.m.5 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the cross-domain redirects that do not strip custom authentication headers such as X-API-Key, X-Auth-Token, Api-Key, Token. An attacker can obtain sensitive...

7.7CVSS5.8AI score0.00486EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 1:8 a.m.6 views

LDAP Injection

Overview mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. Affected versions of this package are vulnerable to LDAP Injection through the Ldap authentication handler in mitmproxy/addons/proxyauth.py. An attacker can...

8.3CVSS5.8AI score0.00166EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/14 1:7 a.m.4 views

Origin Validation Error

Overview org.asynchttpclient:async-http-client is a maven plugin for the Async Http Client AHC classes. Affected versions of this package are vulnerable to Origin Validation Error in the Redirect30xInterceptor class. An attacker in control of a cross-origin redirect target via a different exploit...

8.9CVSS5.8AI score0.00326EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 1:7 a.m.4 views

Authorization Bypass Through User-Controlled Key

Overview fatfreecrm is a customer relationship management platform. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the destroy action in app/controllers/emailscontroller.rb. An attacker can delete another user’s email record by sending...

4.2CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 1:6 a.m.6 views

Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the getApiToken method when rendering invoice templates via the Twig sandbox environment. An attacker can access hashed API tokens of users by embedding calls to this method in a custom invoice...

2CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 1:5 a.m.4 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the OverlappingFieldsCanBeMerged validation process. An attacker can cause excessive CPU usage and resource exhaustion by submitting queries containing thousands of repeated fields with the sam...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 12:15 a.m.5 views

Uncontrolled Recursion

Overview @nestjs/microservices is a Nest - modern, fast, powerful node.js web framework @microservices Affected versions of this package are vulnerable to Uncontrolled Recursion through the handleData function in packages/microservices/helpers/json-socket.ts. An attacker can crash the TCP...

8.7CVSS5.7AI score0.00329EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/14 12:7 a.m.7 views

Malicious Package

Overview getcardslib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 12:4 a.m.4 views

Missing Authentication for Critical Function

Overview github.com/minio/minio/cmd is an open source object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the PutObjectExtractHandler, PutObjectHandler, and PutObjectPartHandler function. An...

8.8CVSS5.8AI score0.00418EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/14 12:4 a.m.9 views

Arbitrary Argument Injection

Overview @aiondadotcom/mcp-ssh is a MCP Agent for managing SSH hosts - A Model Context Protocol server for SSH operations Affected versions of this package are vulnerable to Arbitrary Argument Injection via improper handling of the hostAlias, command, localPath, or remotePath arguments. An attack...

8.8CVSS6AI score
Exploits0References3
Snyk
Snyk
added 2026/04/14 12:3 a.m.4 views

Directory Traversal

Overview excel-mcp-server is an Excel MCP Server for manipulating Excel files Affected versions of this package are vulnerable to Directory Traversal via the getexcelpath function. An attacker can read, write, overwrite, and create arbitrary files and directories on the host filesystem by supplyi...

9.4CVSS6.3AI score0.00391EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 12:0 a.m.6 views

Malicious Package

Overview admin0911 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 11:57 p.m.4 views

Malicious Package

Overview @adac-fahrzeugplattform/ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 11:8 p.m.6 views

Off-by-one Error

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS5.8AI score0.00177EPSS
Exploits0References2
Total number of security vulnerabilities33229