Lucene search

33571 matches found

Snyk · added 2026/04/10 8:59 p.m. · 2 views

XML Entity Expansion

Overview: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to XML Entity Expansion when parsing XMP metadata. An attacker can cause excessive memory consumption with excessive DOCTYPE entity...

CVSS 6.9 · AI score 5.8 · EPSS 0.00423
Exploits 0 · References 2
Snyk · added 2026/04/10 8:42 p.m. · 6 views

Cross-site Scripting (XSS)

Overview: DotNetNuke.Core is a reference provider for DotNetNuke.dll used to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via SVG upload. A user can execute arbitrary scripts in the context of other users by uploading a...

CVSS 8 · AI score 5.8 · EPSS 0.07598
Exploits 0 · References 2
Snyk · added 2026/04/10 8:18 p.m. · 10 views

CRLF Injection

Overview: basic-ftp is an FTP client for Node.js that supports FTPS over TLS, IPv6, async/await, and TypeScript. Affected versions of this package are vulnerable to CRLF Injection via the login and openDir methods. An attacker can execute arbitrary FTP commands by injecting control characters into...

CVSS 9.1 · AI score 6.1 · EPSS 0.02185
Exploits 1 · References 2
Snyk · added 2026/04/10 8:08 p.m. · 8 views

HTTP Response Splitting

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to HTTP Response Splitting via the parseTokens header processing path in lib/core/AxiosHeaders.js. An attacker can smuggle HTTP requests or inject arbitrary headers by...

CVSS 9 · AI score 5.9 · EPSS 0.01815
Exploits 5 · References 2
Snyk · added 2026/04/10 8:08 p.m. · 5 views

HTTP Response Splitting

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to HTTP Response Splitting via the parseTokens header processing path in lib/core/AxiosHeaders.js. An attacker can smuggle HTTP requests or inject arbitrary...

CVSS 9 · AI score 6.1 · EPSS 0.01815
Exploits 5 · References 2
Snyk · added 2026/04/10 7:54 p.m. · 7 views

Race Condition

Overview: ajenti.plugin.core is the Core package. Affected versions of this package are vulnerable to a Race Condition in the 2FA authentication. An attacker can gain unauthorized access by exploiting a timing issue immediately after user authentication, allowing them to bypass intended security checks...

CVSS 9.1 · AI score 5.8 · EPSS 0.00232
Exploits 0 · References 2
Snyk · added 2026/04/10 7:50 p.m. · 5 views

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the file upload. An administrator can execute arbitrary JavaScript in the context of the application by uploading a crafted SVG or HTML file containing malicious scripts, which are then served to users without...

CVSS 5.9 · AI score 6
Exploits 0 · References 2
Snyk · added 2026/04/10 7:50 p.m. · 5 views

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the file upload. An administrator can execute arbitrary JavaScript in the context of the application by uploading a crafted SVG or HTML file containing malicious scripts, which are then served to users without...

CVSS 5.9 · AI score 6
Exploits 0 · References 2
Snyk · added 2026/04/10 7:50 p.m. · 6 views

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the file upload. An administrator can execute arbitrary JavaScript in the context of the application by uploading a crafted SVG or HTML file containing malicious scripts, which are then served to users without...

CVSS 5.9 · AI score 6
Exploits 0 · References 2
Snyk · added 2026/04/10 7:50 p.m. · 7 views

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the file upload. An administrator can execute arbitrary JavaScript in the context of the application by uploading a crafted SVG or HTML file containing malicious scripts, which are then served to users without...

CVSS 5.9 · AI score 6
Exploits 0 · References 2
Snyk · added 2026/04/10 7:49 p.m. · 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the validateWebhookURL function. An administrator can access internal network resources and cloud metadata endpoints by submitting webhook URLs that use hostnames resolving to private IP addresses,...

CVSS 7 · AI score 5.8
Exploits 0 · References 2
Snyk · added 2026/04/10 7:49 p.m. · 4 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the validateWebhookURL function. An administrator can access internal network resources and cloud metadata endpoints by submitting webhook URLs that use hostnames resolving to private IP addresses,...

CVSS 7 · AI score 5.8
Exploits 0 · References 2
Snyk · added 2026/04/10 7:49 p.m. · 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the validateWebhookURL function. An administrator can access internal network resources and cloud metadata endpoints by submitting webhook URLs that use hostnames resolving to private IP addresses,...

CVSS 7 · AI score 5.8
Exploits 0 · References 2
Snyk · added 2026/04/10 7:49 p.m. · 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the validateWebhookURL function. An administrator can access internal network resources and cloud metadata endpoints by submitting webhook URLs that use hostnames resolving to private IP addresses,...

CVSS 7 · AI score 5.8
Exploits 0 · References 2
Snyk · added 2026/04/10 7:49 p.m. · 4 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization due to missing authorization checks in the GetSystemLogs, SSESubscribeSystemLogs, and WSSubscribeSystemLogs endpoints. A non-admin user can access sensitive server log information, including error stack traces,...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 2
Snyk · added 2026/04/10 7:49 p.m. · 5 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization due to the lack of a RequireScopes call in the internal/router/comment.go comment panel admin endpoint. An attacker can gain unauthorized access to comment moderation operations, including listing, approving, rejecting...

CVSS 6.9 · AI score 5.8
Exploits 0 · References 2
Snyk · added 2026/04/10 7:49 p.m. · 5 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the PUT /user route. An attacker can gain full administrative privileges by using a read-only access token to change the administrator's password, then logging in to obtain an unrestricted session token that...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 2
Snyk · added 2026/04/10 7:49 p.m. · 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the PUT /user route. An attacker can gain full administrative privileges by using a read-only access token to change the administrator's password, then logging in to obtain an unrestricted session token that...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 2
Snyk · added 2026/04/10 7:47 p.m. · 9 views

User Impersonation

Overview: ajenti.plugin.core is the Core package. Affected versions of this package are vulnerable to User Impersonation via 2FA authentication. An attacker can gain unauthorized access by bypassing password authentication. Remediation: Upgrade ajenti.plugin.core to version 0.112 or higher. References: - GitHu...

CVSS 9.3 · AI score 5.8 · EPSS 0.00329
Exploits 0 · References 2
Snyk · added 2026/04/10 7:40 p.m. · 5 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the function parameter, which is concatenated into an API error message and rendered without HTML escaping. An attacker can execute arbitrary JavaScript code in the context of a backend user's session by...

CVSS 4.1 · AI score 5.8
Exploits 0 · References 2
Snyk · added 2026/04/10 7:40 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the type parameter, which is concatenated into an API error message and rendered without HTML escaping. An attacker can execute arbitrary JavaScript code in the context of the backend session by crafting a...

CVSS 4.1 · AI score 5.8
Exploits 0 · References 2
Snyk · added 2026/04/10 7:40 p.m. · 4 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the dashboard log endpoints. An attacker can access sensitive operational log data by sending authenticated requests to the log endpoints without requiring elevated privileges. Remediation: Upgrade...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 2
Snyk · added 2026/04/10 7:39 p.m. · 5 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to missing RequireScopes enforcement on privileged routes. An attacker can gain unauthorized access to privileged endpoints and export sensitive backup data by using a deliberately limited admin access token on rout...

CVSS 6.4 · AI score 5.8
Exploits 0 · References 2
Snyk · added 2026/04/10 7:39 p.m. · 5 views

Directory Traversal

Overview: uv is an extremely fast Python package and project manager, written in Rust. Affected versions of this package are vulnerable to Directory Traversal through the uninstall process when handling RECORD entries containing relative paths that traverse outside the intended installation...

CVSS 3.1 · AI score 6.3
Exploits 0 · References 2
Snyk · added 2026/04/10 7:32 p.m. · 2 views

Missing Authentication for Critical Function

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 9.3 · AI score 5.8 · EPSS 0.00356
Exploits 1 · References 2
Snyk · added 2026/04/10 7:32 p.m. · 2 views

Arbitrary Code Injection

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 9.8 · AI score 6.2 · EPSS 0.00609
Exploits 1 · References 3
Snyk · added 2026/04/10 7:32 p.m. · 3 views

Untrusted Search Path

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 8.6 · AI score 6.1 · EPSS 0.00246
Exploits 1 · References 3
Snyk · added 2026/04/10 7:32 p.m. · 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the removeUnusedAttributeView process. An attacker can delete arbitrary .json files within the workspace by supplying crafted path traversal sequences in the id parameter, allowing removal of files outside the...

CVSS 8.5 · AI score 6.3 · EPSS 0.00287
Exploits 0 · References 2
Snyk · added 2026/04/10 7:32 p.m. · 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the removeUnusedAttributeView process. An attacker can delete arbitrary .json files within the workspace by supplying crafted path traversal sequences in the id parameter, allowing removal of files outside the...

CVSS 8.5 · AI score 6.3 · EPSS 0.00287
Exploits 0 · References 2
Snyk · added 2026/04/10 7:32 p.m. · 5 views

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization via the /api/av/removeUnusedAttributeView process. An attacker can delete arbitrary attribute view definition files and disrupt workspace integrity and availability by sending crafted requests with a valid reader...

CVSS 8.1 · AI score 5.9 · EPSS 0.004
Exploits 1 · References 2
Snyk · added 2026/04/10 7:32 p.m. · 5 views

SQL Injection

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 9.8 · AI score 6 · EPSS 0.00297
Exploits 1 · References 2
Snyk · added 2026/04/10 7:30 p.m. · 1 view

External Control of File Name or Path

Overview: bugsink is a self-hosted error tracking tool. Affected versions of this package are vulnerable to External Control of File Name or Path in the artifactbundle/assemble endpoint. An authenticated attacker can create or overwrite files within locations writable by the service account by supplying...

CVSS 8.1 · AI score 5.8 · EPSS 0.00299
Exploits 0 · References 2
Snyk · added 2026/04/10 7:30 p.m. · 3 views

SQL Injection

Overview: @saltcorn/server is the server app for Saltcorn, an open-source no-code platform. Affected versions of this package are vulnerable to SQL Injection via the Literal function. An attacker can execute arbitrary SQL commands, manipulate database schema, or exfiltrate data by injecting crafted inpu...

CVSS 8.8 · AI score 6.2
Exploits 0 · References 2
Snyk · added 2026/04/10 7:30 p.m. · 3 views

SQL Injection

Overview: @saltcorn/data provides the data models for Saltcorn, an open-source no-code platform. Affected versions of this package are vulnerable to SQL Injection via the Literal function. An attacker can execute arbitrary SQL commands, manipulate database schema, or exfiltrate data by injecting crafted input...

CVSS 8.8 · AI score 6.2
Exploits 0 · References 2
Snyk · added 2026/04/10 7:30 p.m. · 7 views

Directory Traversal

Overview: @saltcorn/server is the server app for Saltcorn, an open-source no-code platform. Affected versions of this package are vulnerable to Directory Traversal via the POST /sync/offlinechanges and GET /sync/uploadfinished endpoints, which improperly handle user-supplied input in path construction. ...

CVSS 9.3 · AI score 6.3 · EPSS 0.00333
Exploits 1 · References 2
Snyk · added 2026/04/10 7:28 p.m. · 5 views

Server-side Request Forgery (SSRF)

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 10 · AI score 6 · EPSS 0.0028
Exploits 1 · References 2
Snyk · added 2026/04/10 7:28 p.m. · 6 views

Incorrect Authorization

Overview: praisonaiagents provides Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Incorrect Authorization via the executecommand call. An attacker can access sensitive environment variables and exfiltrate confidential...

CVSS 8.3 · AI score 6 · EPSS 0.00116
Exploits 0 · References 2
Snyk · added 2026/04/10 7:28 p.m. · 3 views

Server-side Request Forgery (SSRF)

Overview: praisonaiagents provides Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the webcrawl function. An attacker can access internal network resources and retrieve sensitive...

CVSS 8.2 · AI score 5.8 · EPSS 0.00281
Exploits 1 · References 2
Snyk · added 2026/04/10 7:28 p.m. · 4 views

Permissive Cross-domain Policy with Untrusted Domains

Overview: praisonaiagents provides Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains in the POST /agui endpoint due to the absence of authentication and the use of a...

CVSS 8.6 · AI score 6 · EPSS 0.00504
Exploits 0 · References 2
Snyk · added 2026/04/10 7:28 p.m. · 4 views

Permissive Cross-domain Policy with Untrusted Domains

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 8.6 · AI score 6 · EPSS 0.00504
Exploits 0 · References 2
Snyk · added 2026/04/10 7:28 p.m. · 4 views

Information Exposure

Overview: praisonaiagents provides Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Information Exposure via the subprocess module. An attacker can access sensitive environment variables, including API keys and credentials, ...

CVSS 6.8 · AI score 5.9 · EPSS 0.00182
Exploits 0 · References 2
Snyk · added 2026/04/10 7:27 p.m. · 7 views

Directory Traversal

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 9.6 · AI score 6.3 · EPSS 0.00379
Exploits 1 · References 2
Snyk · added 2026/04/10 7:26 p.m. · 7 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 7.1 · AI score 5.8 · EPSS 0.00243
Exploits 1 · References 2
Snyk · added 2026/04/10 7:26 p.m. · 5 views

Unsafe Dependency Resolution

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 9.6 · AI score 6.1 · EPSS 0.00304
Exploits 1 · References 2
Snyk · added 2026/04/10 7:25 p.m. · 4 views

Incorrect Authorization

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 8.8 · AI score 6 · EPSS 0.00476
Exploits 0 · References 2
Snyk · added 2026/04/10 7:25 p.m. · 3 views

Arbitrary Code Injection

Overview: praisonaiagents provides Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Arbitrary Code Injection in the executecodedirect function when the AST-based filtering mechanism fails to block dangerous attribute access...

CVSS 8.6 · AI score 6.2 · EPSS 0.0024
Exploits 1 · References 2
Snyk · added 2026/04/10 7:24 p.m. · 5 views

Directory Traversal

Overview: praisonaiagents provides Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Directory Traversal via the listfiles function when the pattern parameter is not properly validated before being passed to Path.glob. An...

CVSS 5.3 · AI score 6.3 · EPSS 0.00311
Exploits 1 · References 2
Snyk · added 2026/04/10 7:24 p.m. · 6 views

Exposure of Sensitive Information Through Environmental Variables

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 7.4 · AI score 5.9 · EPSS 0.00273
Exploits 1 · References 2
Snyk · added 2026/04/10 7:24 p.m. · 6 views

Exposure of Sensitive Information Through Environmental Variables

Overview: praisonaiagents provides Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Environmental Variables in the executecommand function, where environment variables within command...

CVSS 7.4 · AI score 5.9 · EPSS 0.00273
Exploits 1 · References 2
Snyk · added 2026/04/10 7:24 p.m. · 3 views

Missing Authentication for Critical Function

Overview: praisonaiagents provides Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the listagents function. An attacker can access sensitive agent names, roles, and partial...

CVSS 6.9 · AI score 5.3 · EPSS 0.00758
Exploits 1 · References 2
Total number of security vulnerabilities: 33571