Lucene search
K

33571 matches found

Snyk
Snyk
added 2026/04/09 10:8 p.m.7 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of URI name constraints during certificate chain verification in the ConfirmNameConstraints process. An attacker can bypass intended certificate restrictions by presenting a...

7CVSS5.8AI score0.00165EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 9:31 p.m.5 views

Arbitrary Command Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the Terminal.runcommand function. An attacker can execute arbitrary operating system commands by supplying crafted input to this function. Remediation A fix was push...

9.8CVSS7.8AI score0.02328EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 9:31 p.m.6 views

Arbitrary Command Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the Bash.run method in metagpt/tools/libs/terminal.py. An attacker can execute arbitrary operating system commands by supplying crafted input remotely. Remediation A...

9.8CVSS7.7AI score0.02241EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 9:31 p.m.5 views

Arbitrary Command Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the getmimetype function. An attacker can execute arbitrary operating system commands by supplying crafted input remotely. Remediation A fix was pushed into the mast...

9.8CVSS7.8AI score0.02283EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 9:31 p.m.6 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of Kubernetes bearer tokens being printed in logs of the cloud membership for clustering module. Remediation Upgrade org.apache.tomcat:tomcat-tribes to version 9.0.117, 10.1.5...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 9:31 p.m.3 views

Improper Certificate Validation

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Certificate Validation in getSSLHostConfig, which does not sufficiently account for all protocol host name inputs. An attacker can access sensitive...

9.1CVSS6.7AI score0.00307EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 9:31 p.m.5 views

Improper Certificate Validation

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Certificate Validation in getSSLHostConfig, which does not sufficiently account for all protocol host name inputs. An attacker can access sensitive...

9.1CVSS5.8AI score0.00307EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 9:9 p.m.2 views

Heap-based Buffer Overflow

Overview wolfssl is a None Affected versions of this package are vulnerable to Heap-based Buffer Overflow. via the DecodeObjectId function. An attacker can cause memory corruption or potentially execute arbitrary code by supplying crafted OID data that triggers a heap out-of-bounds write...

9.8CVSS6.2AI score0.00283EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 9:7 p.m.4 views

Improper Certificate Validation

Overview wolfssl is a None Affected versions of this package are vulnerable to Improper Certificate Validation. due to missing hash/digest size and OID checks in the certificate verification process. An attacker can bypass signature verification by providing digests smaller than allowed when...

9.9CVSS6.6AI score0.00468EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 9:2 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the helm pull --untar chart URL | repo/chartname command. An attacker can cause files to be written to unintended directories, potentially overwriting existing files or placing malicious files in accessible...

4.8CVSS6.3AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 9:2 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the helm pull --untar chart URL | repo/chartname command. An attacker can cause files to be written to unintended directories, potentially overwriting existing files or placing malicious files in accessible...

4.8CVSS6.3AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 9:2 p.m.1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the helm pull --untar chart URL | repo/chartname command. An attacker can cause files to be written to unintended directories, potentially overwriting existing files or placing malicious files in accessible...

4.8CVSS6.3AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 9:2 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the helm pull --untar chart URL | repo/chartname command. An attacker can cause files to be written to unintended directories, potentially overwriting existing files or placing malicious files in accessible...

4.8CVSS6.3AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 9:2 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the helm pull --untar chart URL | repo/chartname command. An attacker can cause files to be written to unintended directories, potentially overwriting existing files or placing malicious files in accessible...

4.8CVSS6.3AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 9:2 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the helm pull --untar chart URL | repo/chartname command. An attacker can cause files to be written to unintended directories, potentially overwriting existing files or placing malicious files in accessible...

4.8CVSS6.3AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 9:2 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the helm pull --untar chart URL | repo/chartname command. An attacker can cause files to be written to unintended directories, potentially overwriting existing files or placing malicious files in accessible...

4.8CVSS6.3AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 9:2 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the helm pull --untar chart URL | repo/chartname command. An attacker can cause files to be written to unintended directories, potentially overwriting existing files or placing malicious files in accessible...

4.8CVSS6.3AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 8:28 p.m.7 views

Information Exposure

Overview gramps-webapi is an A RESTful web API for the Gramps genealogical database. Affected versions of this package are vulnerable to Information Exposure in the iter process. An attacker can access private sub-object data attached to otherwise-public objects by querying list API endpoints as ...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/09 8:28 p.m.5 views

Incomplete List of Disallowed Inputs

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the environment variable handling process. An attacker can influence Git operations by setting specific environment variables before execution...

6.1CVSS5.8AI score0.00115EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/09 8:10 p.m.5 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the H5Tconvstruct function. An attacker can achieve arbitrary code execution or cause a denial of service by supplying a specially crafted h5 file that triggers a use-after-free condition during memory operations...

8.4CVSS6.4AI score0.00193EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 7:11 p.m.5 views

Improper Check for Unusual or Exceptional Conditions

Overview bsv-sdk is an A Ruby library for interacting with the BSV Blockchain — keys, scripts, transactions, and more. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to improper handling of ARC broadcaster responses i. An attacker can...

8.7CVSS5.8AI score0.00266EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 7:11 p.m.7 views

Improper Verification of Cryptographic Signature

Overview bsv-wallet is an Implements the BRC-100 standard wallet-to-application interface for the BSV Blockchain. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the acquirecertificate function. An attacker can persist forged certificate...

8.6CVSS5.9AI score0.00135EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 7:11 p.m.4 views

Improper Verification of Cryptographic Signature

Overview bsv-sdk is an A Ruby library for interacting with the BSV Blockchain — keys, scripts, transactions, and more. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the acquirecertificate function. An attacker can persist forged certificat...

8.6CVSS5.9AI score0.00135EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 7:10 p.m.3 views

Incomplete List of Disallowed Inputs

Overview org.webjars.npm:unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the hasDangerousProtocol function though the usage of HtmlEntityHex and HtmlEntityDec RegExp. An attacker can inject malicio...

6.1CVSS5.8AI score0.00285EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 7:10 p.m.6 views

Incomplete List of Disallowed Inputs

Overview unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the hasDangerousProtocol function though the usage of HtmlEntityHex and HtmlEntityDec RegExp. An attacker can inject malicious URIs into the...

6.1CVSS5.8AI score0.00285EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 7:10 p.m.5 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the client monitoring message handler due to insufficient validation of the queue name supplied by the client. An attacker can execute arbitrary code on the server by sending a crafted...

8.5CVSS6.2AI score0.00432EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 7:10 p.m.3 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the client monitoring message handler due to insufficient validation of the queue name supplied by the client. An attacker can execute arbitrary code on the server by sending a crafted...

8.5CVSS6.2AI score0.00432EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:31 p.m.4 views

Arbitrary Code Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Code Injection via the xmlfill function of the XML Handler. An attacker can execute arbitrary code by injecting malicious input that is improperly neutralized in dynamically evaluated cod...

9.8CVSS7.9AI score0.00387EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 6:31 p.m.8 views

Use of GET Request Method With Sensitive Query Strings

Overview org.apache.openmeetings:openmeetings-parent is a web-conferencing software. Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the REST login endpoint when sensitive information such as username and password is transmitted as...

8.7CVSS5.8AI score0.00509EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:31 p.m.7 views

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the remember-me cookie encryption key and salt. An attacker can obtain full user credentials by stealing a cookie from a logged-in user if the default encryption key has not been changed. Remediati...

8.7CVSS5.8AI score0.00234EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:31 p.m.4 views

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the remember-me cookie encryption key and salt. An attacker can obtain full user credentials by stealing a cookie from a logged-in user if the default encryption key has not been changed. Remediati...

8.7CVSS5.8AI score0.00234EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:31 p.m.4 views

Improper Handling of Insufficient Privileges

Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges via the FileItemDTO component. An attacker can access metadata of files and sub-folders in any folder, including id, type, name, and other fields, by sending authenticated web service queries...

5.3CVSS5.8AI score0.00418EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:10 p.m.7 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the ClickhouseUser/ServiceUser. An attacker can access sensitive information from other namespaces by supplying a crafted namespace value, causing the operator to read secrets from unauthorized location...

8.2CVSS5.7AI score0.00394EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:10 p.m.8 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the ClickhouseUser/ServiceUser. An attacker can access sensitive information from other namespaces by supplying a crafted namespace value, causing the operator to read secrets from unauthorized location...

8.2CVSS5.7AI score0.00394EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:10 p.m.1 views

Improper Validation of Unsafe Equivalence in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input via the TopicSelectorStore process. An attacker can access private updates intended for authorized subscribers or prevent delivery to legitimate recipients by poisoning the match result...

7.1CVSS5.8AI score0.00341EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:10 p.m.2 views

Improper Validation of Unsafe Equivalence in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input via the TopicSelectorStore process. An attacker can access private updates intended for authorized subscribers or prevent delivery to legitimate recipients by poisoning the match result...

7.1CVSS5.8AI score0.00341EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:10 p.m.2 views

Weak Authentication

Overview Affected versions of this package are vulnerable to Weak Authentication due to improper validation of oauthuserid in the TokenGuard::authenticateViaBearerToken function. An attacker can gain unauthorized access to unrelated user accounts by presenting a machine-to-machine token with a...

7.1CVSS5.8AI score0.00289EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 6:10 p.m.4 views

Cross-site Scripting (XSS)

Overview limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Boxtitle and boxurl parameters. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious input...

8.5CVSS5.8AI score0.00279EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 6:9 p.m.5 views

Cross-site Scripting (XSS)

Overview limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getInstance function when processing the gid parameter. An attacker can execute arbitrary JavaScript in the context of a logged-in user by...

6.1CVSS5.8AI score0.00227EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 6:8 p.m.8 views

Arbitrary Code Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Code Injection via the checksolution function in the HumanEvalBenchmark/MBPPBenchmark component. An attacker can execute arbitrary code by sending specially crafted input remotely...

9.8CVSS7.5AI score0.00387EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 5:37 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing pre-allocation size checks in the base64 decoding process. An attacker can cause excessive memory allocation by providi...

6.5CVSS5.8AI score0.00302EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:37 p.m.2 views

Missing Support for Integrity Check

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Support for Integrity Check through the download process. An attacker can cause unauthorized or malicious plugin archives to be installed by providing tampered or unverified files...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:37 p.m.4 views

Insufficient Verification of Data Authenticity

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the fetchWithSsrFGuard function. An attacker can cause unsafe request bodies or headers to be resent across cross-origin redirects by...

7.4CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:37 p.m.3 views

Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the host-exec process. An attacker can execute arbitrary commands by injecting environment variables that influence interpreters, shells, or build tools. Remediation...

5.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:36 p.m.5 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper handling of redirects in the Playwright navigation. An attacker can access internal or private network resources by crafting requests that...

6.9CVSS5.8AI score0.00188EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:36 p.m.2 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the Gateway plugin HTTP. An attacker can gain unauthorized write access by sending requests that are only intended to have read privileges, resulting in...

7.1CVSS5.8AI score0.00239EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:36 p.m.2 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Interaction-Triggered Navigation. An attacker can access internal resources by triggering browser interactions that bypass normal navigation check...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:36 p.m.3 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management via the node.pair.approve function being assigned to the broader operator.write scope instead of the intended operator.pairing scope. An attacker can gain...

8.8CVSS5.8AI score0.00282EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:36 p.m.5 views

Incorrect Permission Assignment for Critical Resource

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the uploadfile or uploadimage process. An attacker can access files outside the intended workspace directory by uploading special...

6.5CVSS5.8AI score0.00326EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:36 p.m.4 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the media download process. An attacker can access internal network resources by sending crafted requests to the affected media fetch endpoints...

8.5CVSS5.8AI score0.00218EPSS
Exploits0References2
Total number of security vulnerabilities33571