33571 matches found

Snyk • added 2026/04/10 3:34 p.m. • 7 views

Brute Force

Overview: Affected versions of this package are vulnerable to Brute Force due to improper enforcement of authentication lockout in the login process. An attacker can gain unauthorized access to accounts protected by two-factor authentication by repeatedly submitting incorrect TOTP codes without...

CVSS 8.2 • AI score 5.8 • EPSS 0.00296
Exploits: 1 • References: 2

Snyk • added 2026/04/10 3:34 p.m. • 4 views

Brute Force

Overview: Affected versions of this package are vulnerable to Brute Force due to improper enforcement of authentication lockout in the login process. An attacker can gain unauthorized access to accounts protected by two-factor authentication by repeatedly submitting incorrect TOTP codes without...

CVSS 8.2 • AI score 5.8 • EPSS 0.00296
Exploits: 1 • References: 2

Snyk • added 2026/04/10 3:33 p.m. • 7 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to improper SQL operator precedence in the hasAccessToLabel function. An attacker can access label metadata, including titles, descriptions, colors, and creator information from projects they do not have acce...

CVSS 5.3 • AI score 5.9 • EPSS 0.00272
Exploits: 1 • References: 2

Snyk • added 2026/04/10 3:33 p.m. • 4 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to improper SQL operator precedence in the hasAccessToLabel function. An attacker can access label metadata, including titles, descriptions, colors, and creator information from projects they do not have acce...

CVSS 5.3 • AI score 5.8 • EPSS 0.00272
Exploits: 1 • References: 2

Snyk • added 2026/04/10 3:33 p.m. • 5 views

Improper Privilege Management

Overview: Affected versions of this package are vulnerable to Improper Privilege Management in the parentprojectid update process. An attacker can gain unauthorized administrative privileges by moving a project under a project they own, allowing them to delete the project, manage sharing settings,...

CVSS 8.7 • AI score 5.8 • EPSS 0.0029
Exploits: 1 • References: 2
Snyk • added 2026/04/10 3:33 p.m. • 5 views

Improper Privilege Management

Overview: Affected versions of this package are vulnerable to Improper Privilege Management in the parentprojectid update process. An attacker can gain unauthorized administrative privileges by moving a project under a project they own, allowing them to delete the project, manage sharing settings,...

CVSS 8.7 • AI score 5.8 • EPSS 0.0029
Exploits: 1 • References: 2

Snyk • added 2026/04/10 3:33 p.m. • 4 views

Failing Open

Overview: Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...

CVSS 8.6 • AI score 6.1 • EPSS 0.00178
Exploits: 0 • References: 2

Snyk • added 2026/04/10 3:33 p.m. • 4 views

Failing Open

Overview: Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...

CVSS 8.6 • AI score 6.1 • EPSS 0.00178
Exploits: 0 • References: 2

Snyk • added 2026/04/10 3:33 p.m. • 7 views

Failing Open

Overview: Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...

CVSS 8.6 • AI score 6.1 • EPSS 0.00178
Exploits: 0 • References: 2

Snyk • added 2026/04/10 3:33 p.m. • 7 views

Failing Open

Overview: Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...

CVSS 8.6 • AI score 6.1 • EPSS 0.00178
Exploits: 0 • References: 2
Snyk • added 2026/04/10 3:32 p.m. • 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the version directive of a plugin.yaml. An attacker can overwrite arbitrary files on the filesystem with the contents of a plugin by installing or updating it while its plugin.yaml file contains malicious path...

CVSS 8.6 • AI score 6.3 • EPSS 0.00158
Exploits: 0 • References: 2

Snyk • added 2026/04/10 3:32 p.m. • 5 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the version directive of a plugin.yaml. An attacker can overwrite arbitrary files on the filesystem with the contents of a plugin by installing or updating it while its plugin.yaml file contains malicious path...

CVSS 8.6 • AI score 6.3 • EPSS 0.00158
Exploits: 0 • References: 2

Snyk • added 2026/04/10 3:31 p.m. • 4 views

Insufficient Session Expiration

Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

CVSS 6.9 • AI score 5.8 • EPSS 0.00268
Exploits: 1 • References: 2

Snyk • added 2026/04/10 3:31 p.m. • 8 views

Insufficient Session Expiration

Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

CVSS 6.9 • AI score 5.8 • EPSS 0.00268
Exploits: 1 • References: 2

Snyk • added 2026/04/10 3:31 p.m. • 3 views

Insufficient Session Expiration

Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

CVSS 6.9 • AI score 5.8 • EPSS 0.00268
Exploits: 1 • References: 2
Snyk • added 2026/04/10 3:31 p.m. • 8 views

Insufficient Session Expiration

Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

CVSS 6.9 • AI score 5.8 • EPSS 0.00268
Exploits: 1 • References: 2

Snyk • added 2026/04/10 3:30 p.m. • 10 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication in the OIDC login process when the EmailFallback mechanism is enabled. An attacker can gain unauthorized access to accounts protected by TOTP by authenticating to the OIDC provider with a matching email address,...

CVSS 9.1 • AI score 5.8 • EPSS 0.00281
Exploits: 1 • References: 2

Snyk • added 2026/04/10 3:30 p.m. • 4 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication in the OIDC login process when the EmailFallback mechanism is enabled. An attacker can gain unauthorized access to accounts protected by TOTP by authenticating to the OIDC provider with a matching email address,...

CVSS 9.1 • AI score 5.8 • EPSS 0.00281
Exploits: 1 • References: 2

Snyk • added 2026/04/10 3:12 p.m. • 6 views

Stack-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the disasm function. An attacker can cause a stack-based buffer overflow by providing input that causes slen to exceed the buffer capacity, resulting in an out-of-bounds write when formatting disassembly...

CVSS 9.4 • AI score 6.2 • EPSS 0.00443
Exploits: 1 • References: 2

Snyk • added 2026/04/10 3:12 p.m. • 5 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to insufficient bounds checking in the objdirective function. An attacker can cause heap memory corruption, application crash, or execute arbitrary code by submitting a specially crafted .asm file...

CVSS 8.5 • AI score 6.1 • EPSS 0.00357
Exploits: 1 • References: 2
Snyk • added 2026/04/10 3:12 p.m. • 4 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free in the response file processing due to a dangling pointer to freed memory being stored in the global dependfile and later dereferenced after the response-file buffer is freed. An attacker can cause data corruption or...

CVSS 9.6 • AI score 6 • EPSS 0.00414
Exploits: 1 • References: 2

Snyk • added 2026/04/10 1:43 p.m. • 3 views

Arbitrary Code Injection

Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Arbitrary Code Injection in the /guardrails/testcustomcode endpoint through bytecode rewriting. An attacker can execute arbitrary code by sending specially crafted requests...

CVSS 8.8 • AI score 6.2 • EPSS 0.06496
Exploits: 2 • References: 2

Snyk • added 2026/04/10 12:31 p.m. • 2 views

Allocation of Resources Without Limits or Throttling

Overview: org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in NIO SSL transport processing. An attacker can cause the broker to exhaust all available...

CVSS 8.7 • AI score 5.8 • EPSS 0.00896
Exploits: 0 • References: 2

Snyk • added 2026/04/10 12:31 p.m. • 2 views

Allocation of Resources Without Limits or Throttling

Overview: org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in NIO SSL transport processing. An attacker can cause the...

CVSS 8.7 • AI score 5.8 • EPSS 0.00896
Exploits: 0 • References: 2

Snyk • added 2026/04/10 12:31 p.m. • 1 view

Allocation of Resources Without Limits or Throttling

Overview: org.apache.activemq:activemq-client is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in NIO SSL transport processing. An attacker can cause the...

CVSS 8.7 • AI score 5.8 • EPSS 0.00896
Exploits: 0 • References: 2
Snyk • added 2026/04/10 6:10 a.m. • 2 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to an integer overflow in the wcCmacUpdate function. An attacker can generate forged CMAC tags by exploiting the wraparound of the totalSz variable after processing 4 GiB of data, which causes the...

CVSS 8.2 • AI score 5.9 • EPSS 0.0042
Exploits: 0 • References: 2

Snyk • added 2026/04/10 6:10 a.m. • 3 views

Server-side Request Forgery (SSRF)

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the assertPublicHostname function in web-fetch.ts. An attacker can access internal resources or perform unauthorized network requests by sending craft...

CVSS 8.1 • AI score 5.8 • EPSS 0.0042
Exploits: 1 • References: 2

Snyk • added 2026/04/10 5:08 a.m. • 8 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in the wolfSSLX509verifycert function. An attacker can bypass certificate signature validation by supplying a certificate chain where an untrusted intermediate with Basic Constraints set to CA:FALSE is...

CVSS 8.6 • AI score 5.8 • EPSS 0.00184
Exploits: 0 • References: 2

Snyk • added 2026/04/10 5:08 a.m. • 5 views

Improper Validation of Integrity Check Value

Overview: Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in the wolfSSLEVPCipherFinal process. An attacker can obtain unauthorized access to plaintext data by submitting ciphertext with a forged or incorrect authentication tag, as the tag is not...

CVSS 8.1 • AI score 5.8 • EPSS 0.00152
Exploits: 0 • References: 2

Snyk • added 2026/04/10 5:08 a.m. • 1 view

Integer Underflow (Wrap or Wraparound)

Overview: Affected versions of this package are vulnerable to Integer Underflow (Wrap or Wraparound) in the parsing of the Subject Alternative Name extension of X.509 certificates due to improper handling of entry lengths in the process. An attacker can cause incorrect processing of certificate data...

CVSS 8.1 • AI score 5.8 • EPSS 0.00135
Exploits: 0 • References: 2
Snyk • added 2026/04/10 5:06 a.m. • 2 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation due to improper validation of the AES-GCM authentication tag length in the wcPKCS7DecodeAuthEnvelopedData function. An attacker can bypass authentication by truncating the authentication tag, significantly...

CVSS 8.7 • AI score 5.8 • EPSS 0.00355
Exploits: 0 • References: 2

Snyk • added 2026/04/10 5:06 a.m. • 7 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper validation of the wcVerifyEccsiHash process. An attacker can bypass signature verification and impersonate any identity by submitting crafted signatures containing invalid...

CVSS 8.1 • AI score 5.8 • EPSS 0.00147
Exploits: 0 • References: 2

Snyk • added 2026/04/10 3:31 a.m. • 4 views

Incorrect Authorization

Overview: keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Incorrect Authorization through the UserOSEC2CredentialsResourceListCreat...

CVSS 6 • AI score 5.8 • EPSS 0.0022
Exploits: 1 • References: 2

Snyk • added 2026/04/10 1:00 a.m. • 6 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free in the error handling path of the TLSXKeyShareProcessPqcHybridClient process. An attacker can cause memory corruption or potentially execute arbitrary code by triggering an error during post-quantum cryptography hybrid...

CVSS 6.5 • AI score 6.2 • EPSS 0.00275
Exploits: 0 • References: 2

Snyk • added 2026/04/10 12:30 a.m. • 2 views

Regular Expression Denial of Service (ReDoS)

Overview: js-video-url-parser is a parser to extract provider, video id, starttime and others from YouTube, Vimeo, ... urls. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the getTime function in lib/util.js. An attacker can cause excessive...

CVSS 6.9 • AI score 5.9 • EPSS 0.00372
Exploits: 0 • References: 2
Snyk • added 2026/04/10 12:11 a.m. • 3 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the PKCS7VerifySignedData process. An attacker can cause the application to read memory outside the bounds of a heap buffer by submitting a specially crafted PKCS7 message. Remediation: Upgrade wolfssl to version...

CVSS 5.4 • AI score 5.9 • EPSS 0.00159
Exploits: 0 • References: 2

Snyk • added 2026/04/10 12:11 a.m. • 5 views

Stack-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the wcPKCS7DecryptOri function when processing a CMS EnvelopedData message containing an OtherRecipientInfo recipient. An attacker can execute arbitrary code or cause a crash by sending a crafted message...

CVSS 8 • AI score 6.2 • EPSS 0.00175
Exploits: 0 • References: 2

Snyk • added 2026/04/10 12:11 a.m. • 3 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the DoTls13CertificateVerify process when handling a dual-algorithm CertificateVerify message due to improper bounds checking on crafted input. An attacker can cause the application to read memory outside the...

CVSS 9.1 • AI score 5.9 • EPSS 0.00194
Exploits: 0 • References: 2

Snyk • added 2026/04/10 12:11 a.m. • 2 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write through improper handling of the publicName parameter in the TLSXEchChangeSNI process. An attacker can cause memory corruption or potentially execute arbitrary code by supplying a specially crafted value that leads t...

CVSS 9.1 • AI score 6.1 • EPSS 0.00393
Exploits: 0 • References: 2

Snyk • added 2026/04/10 12:10 a.m. • 5 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the wolfSSLX509notAfter or wolfSSLX509notBefore functions when parsing date fields from a specially crafted X.509 certificate via the compatibility layer API. An attacker can cause a buffer overflow by...

CVSS 4.3 • AI score 6 • EPSS 0.00122
Exploits: 0 • References: 2
Snyk • added 2026/04/10 12:08 a.m. • 6 views

Improper Validation of Integrity Check Value

Overview: Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value via the PKCS7 CBC decryption process. An attacker can recover plaintext data by sending repeated decryption queries with modified ciphertext, exploiting improper validation of interior paddin...

CVSS 6.3 • AI score 5.8 • EPSS 0.00111
Exploits: 0 • References: 2

Snyk • added 2026/04/09 11:10 p.m. • 4 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the session restoration process. An attacker can execute arbitrary memory deallocation by injecting a crafted session into the cache and triggering the application to call the relevant session restor...

CVSS 4.1 • AI score 6 • EPSS 0.00172
Exploits: 0 • References: 2

Snyk • added 2026/04/09 11:10 p.m. • 1 view

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the DTLS 1.3 ACK message processing. An attacker can execute arbitrary code or cause a denial of service by sending a specially crafted DTLS 1.3 ACK message. Remediation: Upgrade wolfssl to version 5.9.1 or...

CVSS 9.8 • AI score 6.2 • EPSS 0.00446
Exploits: 0 • References: 2

Snyk • added 2026/04/09 11:08 p.m. • 7 views

Buffer Over-read

Overview: Affected versions of this package are vulnerable to Buffer Over-read in the MatchDomainName function during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. An attacker can cause a crash by supplying a crafted hostname that exhausts the entire string, resulting ...

CVSS 5.3 • AI score 5.9 • EPSS 0.00228
Exploits: 0 • References: 2

Snyk • added 2026/04/09 11:08 p.m. • 6 views

Integer Underflow (Wrap or Wraparound)

Overview: Affected versions of this package are vulnerable to Integer Underflow (Wrap or Wraparound) via the sslDecodePacket process. An attacker can cause a program crash and trigger a large out-of-bounds read by injecting a malformed TLS Application Data record that is shorter than the required...

CVSS 6.5 • AI score 5.8 • EPSS 0.00225
Exploits: 0 • References: 2
Snyk • added 2026/04/09 10:10 p.m. • 7 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the CertFromX509 function when processing the AuthorityKeyIdentifier extension due to incorrect size handling. An attacker can cause a heap buffer overflow by supplying a specially crafted X.509 certificate...

CVSS 7.5 • AI score 6 • EPSS 0.00222
Exploits: 0 • References: 2

Snyk • added 2026/04/09 10:10 p.m. • 5 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the authentication for Google OIDC tokens in the GCR Receiver webhook endpoint. An attacker can trigger unauthorized reconciliation of resources by presenting any valid Google-issued...

CVSS 6.3 • AI score 5.8 • EPSS 0.00127
Exploits: 0 • References: 2

Snyk • added 2026/04/09 10:10 p.m. • 4 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the authentication for Google OIDC tokens in the GCR Receiver webhook endpoint. An attacker can trigger unauthorized reconciliation of resources by presenting any valid Google-issued...

CVSS 6.3 • AI score 5.8 • EPSS 0.00127
Exploits: 0 • References: 2

Snyk • added 2026/04/09 10:10 p.m. • 5 views

Reusing a Nonce, Key Pair in Encryption

Overview: Affected versions of this package are vulnerable to Reusing a Nonce, Key Pair in Encryption in the wcAriaEncrypt process when ARIA-GCM cipher suites are used in TLS 1.2 or DTLS 1.2 sessions with the MagicCrypto SDK, due to the reuse of an identical 12-byte GCM nonce for every...

CVSS 7.1 • AI score 5.8 • EPSS 0.00264
Exploits: 0 • References: 2

Snyk • added 2026/04/09 10:09 p.m. • 4 views

Reliance on Untrusted Inputs in a Security Decision

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the group policy enforcement that relies on mutable displayName values. An attacker can gain unauthorized access to protected...

CVSS 5.4 • AI score 5.8 • EPSS 0.00236
Exploits: 0 • References: 2
Total number of security vulnerabilities: 33571