Lucene search
K

33546 matches found

Snyk
Snyk
added 2026/04/10 5:6 p.m.15 views

Improper Output Neutralization for Logs

Overview org.apache.logging.log4j:log4j-core is a logging library for Java. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs in the Rfc5424Layout plugin due to newLineEscape and useTlsMessageFormat configuration attributes being silently renamed, leading...

7.7CVSS5.7AI score0.00831EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 5:6 p.m.2 views

Improper Encoding or Escaping of Output

Overview org.apache.logging.log4j:log4j-core is a logging library for Java. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the XmlLayout plugin. An attacker can cause log events to be silently lost or malformed by injecting XML 1.0 forbidden...

7.7CVSS5.3AI score0.0086EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 4:9 p.m.4 views

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source via the nspawn process. An attacker can gain unauthorized access to the host system by supplying a crafted optional configuration file. Remediation A fix was pushed into the master branch but not yet published...

7.1CVSS5.8AI score0.00072EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 4:9 p.m.6 views

Comparison Using Wrong Factors

Overview Affected versions of this package are vulnerable to Comparison Using Wrong Factors in the IPC API call process when an array or map containing a null element is provided. An attacker can cause a system crash by sending specially crafted IPC API requests. Remediation A fix was pushed into...

6.9CVSS5.8AI score0.00202EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 4:8 p.m.6 views

Incorrect Resource Transfer Between Spheres

Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the udev process. An attacker can gain local root execution by connecting malicious hardware devices that produce unsanitized kernel output. Remediation A fix was pushed into the master...

6.4CVSS5.9AI score0.00144EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 4:7 p.m.7 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the varlink process. An attacker can gain elevated privileges by leveraging access to the root namespace. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Advisor...

7.3CVSS5.8AI score0.00079EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 4:7 p.m.3 views

Incorrect Behavior Order

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order in the Delegate process when the User parameter is unset and the unit is running. An attacker can cause a system service to terminate unexpectedly by creating or manipulating a unit with these settings. This is...

5.7CVSS5.8AI score0.00086EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 3:36 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper authorization checks in the CanDoAPIRoute process. An attacker can delete project backgrounds by using an API token with only the projects.background permission, bypassing intended access controls fo...

5.4CVSS5.8AI score0.00222EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:36 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper authorization checks in the CanDoAPIRoute process. An attacker can delete project backgrounds by using an API token with only the projects.background permission, bypassing intended access controls fo...

5.4CVSS5.4AI score0.00222EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:35 p.m.12 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the H5Trefmemsetnull function. An attacker can cause a heap buffer overflow by supplying a specially crafted HDF5 .h5 file, which may result in denial of service or potentially allow execution of arbitrary...

6.7CVSS6.2AI score0.00213EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:35 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the import process. An attacker can exhaust server storage and potentially cause service disruption by uploading compressed zip files containing files that exceed the configur...

7.1CVSS5.8AI score0.00338EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:35 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the import process. An attacker can exhaust server storage and potentially cause service disruption by uploading compressed zip files containing files that exceed the configur...

7.1CVSS5.8AI score0.00338EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:35 p.m.3 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via improper handling of user-supplied input in the ParseTodos function. An attacker can inject arbitrary iCalendar properties by including CRLF characters in task titles or other fields, which are then concatenated into...

5.1CVSS5.9AI score0.00196EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:35 p.m.4 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via improper handling of user-supplied input in the ParseTodos function. An attacker can inject arbitrary iCalendar properties by including CRLF characters in task titles or other fields, which are then concatenated into...

5.1CVSS5.7AI score0.00196EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:34 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the email notification rendering process. An attacker can inject arbitrary HTML content, such as phishing links or tracking images, by crafting malicious task titles that are embedded in notification emails...

5.4CVSS5.7AI score0.00195EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:34 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the email notification rendering process. An attacker can inject arbitrary HTML content, such as phishing links or tracking images, by crafting malicious task titles that are embedded in notification emails...

5.4CVSS5.3AI score0.00195EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:34 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the email notification rendering process. An attacker can inject arbitrary HTML content, such as phishing links or tracking images, by crafting malicious task titles that are embedded in notification emails...

5.4CVSS5.7AI score0.00195EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:34 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the email notification rendering process. An attacker can inject arbitrary HTML content, such as phishing links or tracking images, by crafting malicious task titles that are embedded in notification emails...

5.4CVSS5.7AI score0.00195EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:34 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the email notification rendering process. An attacker can inject arbitrary HTML content, such as phishing links or tracking images, by crafting malicious task titles that are embedded in notification emails...

5.4CVSS5.3AI score0.00195EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:34 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the email notification rendering process. An attacker can inject arbitrary HTML content, such as phishing links or tracking images, by crafting malicious task titles that are embedded in notification emails...

5.4CVSS5.3AI score0.00195EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:34 p.m.5 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the addRepeatIntervalToTime function. An attacker can exhaust server resources and render the application unresponsive by creating tasks with extremely small repeat intervals and due dates far ...

7.1CVSS5.5AI score0.00347EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:34 p.m.3 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the addRepeatIntervalToTime function. An attacker can exhaust server resources and render the application unresponsive by creating tasks with extremely small repeat intervals and due dates far ...

7.1CVSS5.8AI score0.00347EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:34 p.m.6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the GetResource and GetResourcesByList processes. An attacker can access sensitive task data from projects they do not have permission to view by making authenticated CalDAV requests with a known or guessed task...

5.3CVSS5.8AI score0.00216EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:34 p.m.5 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to improper enforcement of authentication lockout in the login process. An attacker can gain unauthorized access to accounts protected by two-factor authentication by repeatedly submitting incorrect TOTP codes without...

8.2CVSS5.8AI score0.00296EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:34 p.m.6 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to improper enforcement of authentication lockout in the login process. An attacker can gain unauthorized access to accounts protected by two-factor authentication by repeatedly submitting incorrect TOTP codes without...

8.2CVSS5.8AI score0.00296EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:34 p.m.7 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to improper enforcement of authentication lockout in the login process. An attacker can gain unauthorized access to accounts protected by two-factor authentication by repeatedly submitting incorrect TOTP codes without...

8.2CVSS5.8AI score0.00296EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:34 p.m.4 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to improper enforcement of authentication lockout in the login process. An attacker can gain unauthorized access to accounts protected by two-factor authentication by repeatedly submitting incorrect TOTP codes without...

8.2CVSS5.8AI score0.00296EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:33 p.m.7 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper SQL operator precedence in the hasAccessToLabel function. An attacker can access label metadata, including titles, descriptions, colors, and creator information from projects they do not have acce...

5.3CVSS5.9AI score0.00272EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:33 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper SQL operator precedence in the hasAccessToLabel function. An attacker can access label metadata, including titles, descriptions, colors, and creator information from projects they do not have acce...

5.3CVSS5.8AI score0.00272EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:33 p.m.5 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the parentprojectid update process. An attacker can gain unauthorized administrative privileges by moving a project under a project they own, allowing them to delete the project, manage sharing settings,...

8.7CVSS5.8AI score0.0029EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:33 p.m.5 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the parentprojectid update process. An attacker can gain unauthorized administrative privileges by moving a project under a project they own, allowing them to delete the project, manage sharing settings,...

8.7CVSS5.8AI score0.0029EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:33 p.m.4 views

Failing Open

Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...

8.6CVSS6.1AI score0.00178EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 3:33 p.m.4 views

Failing Open

Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...

8.6CVSS6.1AI score0.00178EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 3:33 p.m.6 views

Failing Open

Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...

8.6CVSS6.1AI score0.00178EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 3:33 p.m.7 views

Failing Open

Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...

8.6CVSS6.1AI score0.00178EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 3:32 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the version directive of a plugin.yaml. An attacker can overwrite arbitrary files on the filesystem with the contents of a plugin by installing or updating it while its plugin.yaml file contains malicious path...

8.6CVSS6.3AI score0.00158EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 3:32 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the version directive of a plugin.yaml. An attacker can overwrite arbitrary files on the filesystem with the contents of a plugin by installing or updating it while its plugin.yaml file contains malicious path...

8.6CVSS6.3AI score0.00158EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 3:31 p.m.4 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

6.9CVSS5.8AI score0.00268EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:31 p.m.8 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

6.9CVSS5.8AI score0.00268EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:31 p.m.3 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

6.9CVSS5.8AI score0.00268EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:31 p.m.8 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

6.9CVSS5.8AI score0.00268EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:30 p.m.10 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the OIDC login process when the EmailFallback mechanism is enabled. An attacker can gain unauthorized access to accounts protected by TOTP by authenticating to the OIDC provider with a matching email address,...

9.1CVSS5.8AI score0.00281EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:30 p.m.4 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the OIDC login process when the EmailFallback mechanism is enabled. An attacker can gain unauthorized access to accounts protected by TOTP by authenticating to the OIDC provider with a matching email address,...

9.1CVSS5.8AI score0.00281EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:12 p.m.6 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the disasm function. An attacker can cause a stack-based buffer overflow by providing input that causes slen to exceed the buffer capacity, resulting in an out-of-bounds write when formatting disassembly...

9.4CVSS6.2AI score0.00443EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:12 p.m.5 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to insufficient bounds checking in the objdirective function. An attacker can cause heap memory corruption, application crash, or execute arbitrary code by submitting a specially crafted .asm file...

8.5CVSS6.1AI score0.00357EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:12 p.m.4 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the response file processing due to a dangling pointer to freed memory being stored in the global dependfile and later dereferenced after the response-file buffer is freed. An attacker can cause data corruption or...

9.6CVSS6AI score0.00414EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 1:43 p.m.3 views

Arbitrary Code Injection

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Arbitrary Code Injection in the /guardrails/testcustomcode endpoint through bytecode rewriting. An attacker can execute arbitrary code by sending specially crafted requests...

8.8CVSS6.2AI score0.06496EPSS
Exploits2References2
Snyk
Snyk
added 2026/04/10 12:31 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in NIO SSL transport processing. An attacker can cause the broker to exhaust all available...

8.7CVSS5.8AI score0.00896EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 12:31 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in NIO SSL transport processing. An attacker can cause the...

8.7CVSS5.8AI score0.00896EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 12:31 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.activemq:activemq-client is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in NIO SSL transport processing. An attacker can cause the...

8.7CVSS5.8AI score0.00896EPSS
Exploits0References2
Total number of security vulnerabilities33546