Lucene search

33588 matches found

Snyk
added 2026/04/08 9:00 p.m. · 6 views

Improper Encoding or Escaping of Output

Overview: org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in JsonAccessLogValve, which relies on an unescaped append in generating JSON logs. If non-default values are used for th...

CVSS 7.5 · AI score 5.8 · EPSS 0.00461
Exploits 0 · References 2

Snyk
added 2026/04/08 9:00 p.m. · 3 views

Improper Encoding or Escaping of Output

Overview: org.apache.tomcat:tomcat-catalina is the Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in JsonAccessLogValve, which relies on an unescaped append in generating JSON logs. If...

CVSS 7.5 · AI score 5.8 · EPSS 0.00461
Exploits 0 · References 2

Snyk
added 2026/04/08 9:00 p.m. · 5 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication in processOCSPRequest, which is part of the CLIENTCERT authentication process. An attacker can trigger a soft-fail of OCSP checks when soft-fail is disabled. Remediation: Upgrade...

CVSS 9.1 · AI score 5.8 · EPSS 0.00715
Exploits 1 · References 2

Snyk
added 2026/04/08 9:00 p.m. · 3 views

Improper Authentication

Overview: org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Authentication in processOCSPRequest, which is part of the CLIENTCERT authentication process. An attacker can trigger a soft-fail of OCSP checks whe...

CVSS 9.1 · AI score 5.8 · EPSS 0.00715
Exploits 1 · References 2

Snyk
added 2026/04/08 9:00 p.m. · 4 views

Improper Authentication

Overview: org.apache.tomcat:tomcat-coyote is the Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Authentication in processOCSPRequest, which is part of the CLIENTCERT authentication process. An attacker can trigger a soft-fail of OCSP checks when...

CVSS 9.1 · AI score 5.8 · EPSS 0.00715
Exploits 1 · References 2
Snyk
added 2026/04/08 9:00 p.m. · 5 views

Missing Encryption of Sensitive Data

Overview: Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data in the EncryptInterceptor's messageReceived method. An attacker can gain unauthorized access to sensitive data by bypassing EncryptInterceptor to intercept unencrypted communications. Note: This is d...

CVSS 8.7 · AI score 6 · EPSS 0.15831
Exploits 5 · References 2

Snyk
added 2026/04/08 9:00 p.m. · 4 views

Use of a Broken or Risky Cryptographic Algorithm

Overview: org.apache.tomcat:tomcat-coyote is the Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm, which may arise due to improper preservation of the configured cipher preference order. An attacker who can control...

CVSS 8.2 · AI score 5.8 · EPSS 0.00259
Exploits 0 · References 2

Snyk
added 2026/04/08 9:00 p.m. · 2 views

Use of a Broken or Risky Cryptographic Algorithm

Overview: org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm, which may arise due to improper preservation of the configured cipher preference order. An attacker who can...

CVSS 8.2 · AI score 5.8 · EPSS 0.00259
Exploits 0 · References 2

Snyk
added 2026/04/08 8:13 p.m. · 8 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the GraphQL query batching endpoint. An attacker can exhaust server resources by sending a single HTTP request containing a large number of operations, bypassing per-query...

CVSS 8.7 · AI score 5.8 · EPSS 0.00435
Exploits 0 · References 2

Snyk
added 2026/04/08 8:13 p.m. · 3 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the rotateFileVaultKey function in orbit/pkg/useraction/useractiondarwin.go. An attacker can execute arbitrary commands on macOS by supplying a crafted FileVault username or password that is interpolated into the...

CVSS 8.5 · AI score 6.3 · EPSS 0.00111
Exploits 0 · References 2
Snyk
added 2026/04/08 8:13 p.m. · 4 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the rotateFileVaultKey function in orbit/pkg/useraction/useractiondarwin.go. An attacker can execute arbitrary commands on macOS by supplying a crafted FileVault username or password that is interpolated into the...

CVSS 8.5 · AI score 6.3 · EPSS 0.00111
Exploits 0 · References 2

Snyk
added 2026/04/08 8:02 p.m. · 7 views

CRLF Injection

Overview: basic-ftp is an FTP client for Node.js that supports FTPS over TLS, IPv6, Async/Await, and TypeScript. Affected versions of this package are vulnerable to CRLF Injection via unsanitized path parameters in the protectWhitespace function. An attacker can execute arbitrary FTP commands by...

CVSS 9.8 · AI score 6.3 · EPSS 0.02185
Exploits 1 · References 2

Snyk
added 2026/04/08 8:02 p.m. · 1 view

Directory Traversal

Overview: agixt is an Artificial Intelligence Automation Platform. It offers AI instruction management from various providers, an adaptive memory, and a versatile plugin system with many commands including web browsing, and supports many AI providers and models, with growing support every day. Affected...

CVSS 8.8 · AI score 6.4 · EPSS 0.01318
Exploits 1 · References 2

Snyk
added 2026/04/08 7:57 p.m. · 3 views

Improper Preservation of Permissions

Overview: Affected versions of this package are vulnerable to Improper Preservation of Permissions in the authentication process. An attacker can gain unauthorized access to user accounts by exploiting the handling of clientcredentials tokens, which may allow a client token to be misinterpreted as...

CVSS 7.1 · AI score 5.8
Exploits 0 · References 2

Snyk
added 2026/04/08 7:53 p.m. · 2 views

Server-side Request Forgery (SSRF)

Overview: n8n-mcp is an integration between n8n workflow automation and the Model Context Protocol (MCP). Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the instance-URL header in multi-tenant HTTP mode. An authenticated attacker can cause the server to issue HTT...

CVSS 8.5 · AI score 5.9 · EPSS 0.00316
Exploits 0 · References 2
Snyk
added 2026/04/08 7:52 p.m. · 6 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of messages from D-Bus peers. An attacker can exhaust system resources, cause application crashes, or spoof signals by sending messages with excessive Unix file...

CVSS 7.1 · AI score 5.8 · EPSS 0.00124
Exploits 0 · References 2

Snyk
added 2026/04/08 7:52 p.m. · 6 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of messages from D-Bus peers. An attacker can exhaust system resources, cause application crashes, or spoof signals by sending messages with excessive Unix file...

CVSS 7.1 · AI score 5.8 · EPSS 0.00124
Exploits 0 · References 2

Snyk
added 2026/04/08 7:23 p.m. · 3 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in the update function when non-contiguous buffers are provided as input. An attacker can cause memory corruption or unintended behavior by supplying specially crafted non-contiguous buffers to APIs that accept Pytho...

CVSS 9.8 · AI score 5.8 · EPSS 0.00652
Exploits 0 · References 2

Snyk
added 2026/04/08 7:21 p.m. · 4 views

Directory Traversal

Overview: praisonaiagents provides Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Directory Traversal in the MultiAgentLedger and MultiAgentMonitor components. An attacker can access sensitive context data belonging to oth...

CVSS 8.8 · AI score 6.3 · EPSS 0.00687
Exploits 0 · References 2

Snyk
added 2026/04/08 7:21 p.m. · 4 views

Directory Traversal

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 8.8 · AI score 6.3 · EPSS 0.00687
Exploits 0 · References 2
Snyk
added 2026/04/08 7:21 p.m. · 3 views

Directory Traversal

Overview: praisonai is the PraisonAI TypeScript AI Agents Framework (Node.js, npm, and JavaScript AI Agents Framework). Affected versions of this package are vulnerable to Directory Traversal in the MultiAgentLedger and MultiAgentMonitor components. An attacker can access sensitive context data...

CVSS 8.6 · AI score 6.3
Exploits 0 · References 2

Snyk
added 2026/04/08 7:21 p.m. · 2 views

Missing Authentication for Critical Function

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 8.7 · AI score 5.8 · EPSS 0.00425
Exploits 0 · References 2

Snyk
added 2026/04/08 7:17 p.m. · 1 view

Arbitrary Code Injection

Overview: praisonai is the PraisonAI TypeScript AI Agents Framework (Node.js, npm, and JavaScript AI Agents Framework). Affected versions of this package are vulnerable to Arbitrary Code Injection via the executecode function. An attacker can gain unauthorized access to the host environment, execute...

CVSS 9.9 · AI score 6.1 · EPSS 0.00541
Exploits 0 · References 2

Snyk
added 2026/04/08 7:17 p.m. · 4 views

Arbitrary Code Injection

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 9.9 · AI score 6.1 · EPSS 0.00541
Exploits 0 · References 2

Snyk
added 2026/04/08 7:17 p.m. · 4 views

Arbitrary Code Injection

Overview: praisonaiagents provides Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Arbitrary Code Injection via the executecode function. An attacker can gain unauthorized access to the host environment, execute arbitrary...

CVSS 9.9 · AI score 6.1 · EPSS 0.00541
Exploits 0 · References 2
Snyk
added 2026/04/08 7:17 p.m. · 2 views

Deserialization of Untrusted Data

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 9.8 · AI score 6.2 · EPSS 0.0058
Exploits 0 · References 2

Snyk
added 2026/04/08 7:17 p.m. · 3 views

Deserialization of Untrusted Data

Overview: praisonaiagents provides Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the YAML deserialization in the loadAgentFromFile function. An attacker can execute arbitrary code...

CVSS 9.8 · AI score 6.2 · EPSS 0.0058
Exploits 0 · References 2

Snyk
added 2026/04/08 7:17 p.m. · 7 views

Deserialization of Untrusted Data

Overview: praisonai is the PraisonAI TypeScript AI Agents Framework (Node.js, npm, and JavaScript AI Agents Framework). Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the YAML deserialization in the loadAgentFromFile function. An attacker can execute...

CVSS 9.8 · AI score 6.2 · EPSS 0.0058
Exploits 0 · References 2

Snyk
added 2026/04/08 7:16 p.m. · 3 views

CRLF Injection

Overview: ci4-cms-erp/ci4ms is a Composer create-project package (ci4-cms-erp/ci4ms). Affected versions of this package are vulnerable to CRLF Injection via the host parameter in the install controller, which is not validated for newline characters before being written to the .env file. An attacker can injec...

CVSS 9.8 · AI score 6 · EPSS 0.00516
Exploits 1 · References 2

Snyk
added 2026/04/08 7:15 p.m. · 2 views

Missing Authentication for Critical Function

Overview: ci4-cms-erp/ci4ms is a Composer create-project package (ci4-cms-erp/ci4ms). Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the install route guard process when the database is temporarily unreachable and the cache is empty. An attacker can gain...

CVSS 9.2 · AI score 5.9 · EPSS 0.00421
Exploits 1 · References 2
Snyk
added 2026/04/08 7:15 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: ci4-cms-erp/ci4ms is a Composer create-project package (ci4-cms-erp/ci4ms). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the content field during page creation and update operations, where user-supplied HTML is stored without proper sanitization and rendered...

CVSS 5.5 · AI score 5.8 · EPSS 0.00247
Exploits 1 · References 2

Snyk
added 2026/04/08 7:15 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: ci4-cms-erp/ci4ms is a Composer create-project package (ci4-cms-erp/ci4ms). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ajaxblackListpost process. An attacker can execute arbitrary JavaScript in the browser of other administrators by injecting malicious inpu...

CVSS 4.8 · AI score 5.8 · EPSS 0.0023
Exploits 1 · References 2

Snyk
added 2026/04/08 7:15 p.m. · 1 view

Cross-site Scripting (XSS)

Overview: ci4-cms-erp/ci4ms is a Composer create-project package (ci4-cms-erp/ci4ms). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the compInfosPost process. An attacker can execute arbitrary JavaScript in the context of the parent page by injecting a payload containing...

CVSS 5.5 · AI score 5.8 · EPSS 0.00235
Exploits 0 · References 2

Snyk
added 2026/04/08 7:15 p.m. · 3 views

Directory Traversal

Overview: ci4-cms-erp/ci4ms is a Composer create-project package (ci4-cms-erp/ci4ms). Affected versions of this package are vulnerable to Directory Traversal due to inadequate enforcement of access control in the readFile, saveFile, deleteFileOrFolder, renameFile, createFile, and createFolder endpoints, which fail ...

CVSS 8.6 · AI score 6.3 · EPSS 0.00471
Exploits 1 · References 2

Snyk
added 2026/04/08 4:08 p.m. · 5 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation through the Verifier.verifyleafcerts logic in src/rfc3161client/verify.py. An attacker can make a timestamp response from a trusted TSA verify as if it came from a different pinned TSA by injecting...

CVSS 7.5 · AI score 5.9 · EPSS 0.00188
Exploits 1 · References 2
Snyk
added 2026/04/08 3:51 p.m. · 1 view

Allocation of Resources Without Limits or Throttling

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Http2Sessions.getSession function in the HTTP/2 session cleanup. An attacker can cause th...

CVSS 8.2 · AI score 5.8 · EPSS 0.00731
Exploits 1 · References 2

Snyk
added 2026/04/08 3:51 p.m. · 6 views

Allocation of Resources Without Limits or Throttling

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Http2Sessions.getSession function in the HTTP/2 session cleanup. An attacker can cause the client process...

CVSS 8.2 · AI score 5.8 · EPSS 0.00731
Exploits 1 · References 2

Snyk
added 2026/04/08 3:09 p.m. · 3 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write through the LossyDctDecoderexecute process. An attacker can cause a crash or denial of service by providing a crafted scanline DWAA file that triggers an integer overflow, resulting in a heap out-of-bounds write duri...

CVSS 8.8 · AI score 5.8 · EPSS 0.00419
Exploits 1 · References 3

Snyk
added 2026/04/08 3:09 p.m. · 6 views

Out-of-bounds Write

Overview: OpenEXR provides Python bindings for the OpenEXR image file format. Affected versions of this package are vulnerable to Out-of-bounds Write through the LossyDctDecoderexecute process. An attacker can cause a crash or denial of service by providing a crafted scanline DWAA file that triggers an...

CVSS 8.8 · AI score 5.8 · EPSS 0.00419
Exploits 1 · References 3

Snyk
added 2026/04/08 3:09 p.m. · 6 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write through the internalexrundopiz process. An attacker can cause out-of-bounds memory access, leading to potential memory corruption or process crash, by supplying a specially crafted EXR file that triggers signed integ...

CVSS 8.8 · AI score 6 · EPSS 0.00482
Exploits 1 · References 4
Snyk
added 2026/04/08 3:09 p.m. · 2 views

Out-of-bounds Write

Overview: OpenEXR provides Python bindings for the OpenEXR image file format. Affected versions of this package are vulnerable to Out-of-bounds Write through the internalexrundopiz process. An attacker can cause out-of-bounds memory access, leading to potential memory corruption or process crash, by...

CVSS 8.8 · AI score 6 · EPSS 0.00482
Exploits 1 · References 4

Snyk
added 2026/04/08 3:05 p.m. · 2 views

CRLF Injection

Overview: nodemailer is "easy as cake" e-mail sending from your Node.js applications. Affected versions of this package are vulnerable to CRLF Injection via the name configuration option. An attacker can inject arbitrary SMTP commands by supplying carriage return and line feed...

CVSS 6.9 · AI score 6
Exploits 0 · References 2

Snyk
added 2026/04/08 3:05 p.m. · 4 views

CRLF Injection

Overview: org.webjars.npm:nodemailer is "easy as cake" e-mail sending from your Node.js applications. Affected versions of this package are vulnerable to CRLF Injection via the name configuration option. An attacker can inject arbitrary SMTP commands by supplying carriage return and...

CVSS 6.9 · AI score 6
Exploits 0 · References 2

Snyk
added 2026/04/08 3:05 p.m. · 5 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the CreateHandler process, which lacks resource limits for query depth, complexity, response size, and rate limiting. An attacker can exhaust server CPU, memory, and bandwidth by...

CVSS 7.1 · AI score 5.5
Exploits 0 · References 2

Snyk
added 2026/04/08 3:04 p.m. · 2 views

Directory Traversal

Overview: liquidjs is a simple, expressive, safe and Shopify-compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Directory Traversal via the renderFile or parseFile functions, which fail to enforce the root boundary. An attacker can access arbitrary files...

CVSS 7.5 · AI score 6.3 · EPSS 0.00447
Exploits 0 · References 2
Snyk
added 2026/04/08 3:04 p.m. · 6 views

Improperly Implemented Security Check for Standard

Overview: liquidjs is a simple, expressive, safe and Shopify-compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard via the sortnatural and sort filters, which bypass the iownPropertyOnly security...

CVSS 8.7 · AI score 5.8 · EPSS 0.00403
Exploits 1 · References 2

Snyk
added 2026/04/08 3:04 p.m. · 8 views

User Impersonation

Overview: @lobehub/lobehub is LobeHub, an open-source, comprehensive AI Agent framework that supports speech synthesis, multimodal input, and an extensible Function Call plugin system, and supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...

CVSS 7.1 · AI score 5.8 · EPSS 0.00126
Exploits 0 · References 2

Snyk
added 2026/04/08 3:04 p.m. · 8 views

User Impersonation

Overview: @lobehub/cli is the LobeHub command-line interface. Affected versions of this package are vulnerable to User Impersonation via the X-lobe-chat-auth header on webapi routes. An attacker can gain unauthorized access to protected API endpoints and perform actions as an authenticated user by...

CVSS 7.1 · AI score 5.8 · EPSS 0.00126
Exploits 0 · References 2

Snyk
added 2026/04/08 3:04 p.m. · 4 views

Directory Traversal

Overview: nicegui is a library for creating web-based user interfaces with Python, "the nice way". Affected versions of this package are vulnerable to Directory Traversal via improper sanitization of uploaded filenames in uploadfiles.py. An attacker can overwrite arbitrary files outside the intended upload...

CVSS 8.3 · AI score 6.5 · EPSS 0.00371
Exploits 0 · References 2

Snyk
added 2026/04/08 3:03 p.m. · 6 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection in the handling of table captions during the rendering process. An attacker can execute arbitrary code with the privileges of the desktop client by syncing a crafted note containing malicious HTML or JavaScript ...

CVSS 9 · AI score 6 · EPSS 0.00538
Exploits 1 · References 3

Total number of security vulnerabilities: 33588