Lucene search
K

31406 matches found

Snyk
Snyk
added 5 days ago2 views

Malicious Package

Overview @ncurran/sandbox-recon-7c4e1a is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 5 days ago2 views

Malicious Package

Overview @ncurran/sandbox-recon-sys-6a3f is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 5 days ago2 views

Malicious Package

Overview npm-sandbox-research-f1g2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Malicious Package

Overview npm-sandbox-research-c5d6 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 5 days ago2 views

Malicious Package

Overview @ncurran/dc-selftest-33afb7 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 5 days ago2 views

Malicious Package

Overview @ncurran/sandbox-recon-uac-4e7c is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 5 days ago2 views

Malicious Package

Overview npm-sandbox-research-8b2f is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 5 days ago2 views

Malicious Package

Overview pkg-telemetry-r4f9 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Malicious Package

Overview npm-sandbox-research-9c4e is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 5 days ago2 views

Malicious Package

Overview npm-sandbox-research-a1b2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Malicious Package

Overview npm-sandbox-research-e9f0 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure due to an incorrect transformation string in the encryption configuration process. An attacker can compromise the confidentiality of encrypted data by exploiting the unintended use of weaker padding when OAEP is...

1.9CVSS5.9AI score0.00046EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Authentication Bypass Using an Alternate Path or Channel

Overview Steeltoe.Management.Endpoint is a package that provides building blocks for development of .NET applications that integrate with Spring and Spring Boot environments, as well as Cloud Foundry and Kubernetes with first-party support for Tanzu. Affected versions of this package are vulnerab...

8.8CVSS6.1AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the process that handles service bindings from VCAPSERVICES containing TLS client credentials. An attacker can access sensitive private key material by reading temporary files created with...

5.7CVSS5.9AI score0.00065EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the middleware responsible for access restriction, which relies on the Host HTTP header rather than the actual network socket port. An attacker can gain unauthorized access to...

8.8CVSS6.1AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the deserialization process of RFC7797 JWS payloads with b64=false. An attacker can cause resource exhaustion by submitting a payload that exceeds the intended size limits, bypassi...

8.7CVSS5.9AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Improper Privilege Management

Overview Steeltoe.Management.Endpoint is a package that provides building blocks for development of .NET applications that integrate with Spring and Spring Boot environments, as well as Cloud Foundry and Kubernetes with first-party support for Tanzu. Affected versions of this package are vulnerab...

7.1CVSS5.9AI score0.00231EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the permission enforcement process for sensitive actuator endpoints such as heapdump, env, and threaddump. An attacker can access sensitive application data by authenticating with only restricted...

7.1CVSS5.9AI score0.00231EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Exposure of Resource to Wrong Sphere

Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the TokenKeyResolver function. An attacker can bypass authentication and gain unauthorized access by exploiting the shared static JWKS cache across multiple schemes, allowing a key fetched for one...

7.4CVSS5.9AI score0.0029EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Exposure of Resource to Wrong Sphere

Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the TokenKeyResolver function. An attacker can bypass authentication and gain unauthorized access by exploiting the shared static JWKS cache across multiple schemes, allowing a key fetched for one...

7.4CVSS5.9AI score0.0029EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the Sanitizer function of the Environment actuator, which fails to redact sensitive information from configuration keys matching standard .NET patterns such as ConnectionStrings: or...

8.7CVSS5.9AI score0.00185EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Cleartext Transmission of Sensitive Information

Overview Steeltoe.Management.Endpoint is a package that provides building blocks for development of .NET applications that integrate with Spring and Spring Boot environments, as well as Cloud Foundry and Kubernetes with first-party support for Tanzu. Affected versions of this package are vulnerab...

8.7CVSS5.9AI score0.00185EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago2 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection through the saxonTransform function that uses unhardened net.sf.saxon.TransformerFactoryImpl method. An attacker can access sensitive local files or trigger arbitrary HTTPS requests from the host by...

8.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches function in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular expressions that trigger excessive...

8.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Directory Traversal

Overview com.github.jknack:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Directory Traversal via the getResource function in FileTemplateLoader. An attacker can access arbitrary files on the server by supplying crafted template...

8.7CVSS6.5AI score
Exploits0References2
Snyk
Snyk
added 6 days ago1 views

LDAP Injection

Overview org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to LDAP Injection in the DefaultLdapRealm class. An attacker can bypass...

9.1CVSS5.9AI score0.00494EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Permissive List of Allowed Inputs

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Permissive List of Allowed Inputs via permissive substring matching in the Set-Cookie attribute parsing. An attacker can weaken cookie SameSite enforcement by crafting a...

8.3CVSS5.9AI score0.00197EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Permissive List of Allowed Inputs

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Permissive List of Allowed Inputs via permissive substring matching in the Set-Cookie attribute parsing. An attacker can weaken cookie SameSite enforcemen...

8.3CVSS5.9AI score0.00197EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Allocation of Resources Without Limits or Throttling

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of WebSocket message fragments. An attacker can cause unbounded memory growth and exhaust system...

8.7CVSS5.9AI score0.00284EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of WebSocket message fragments. An attacker can cause unbounded memory growth and...

8.7CVSS5.9AI score0.00284EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the HTTP/1.1 client when an attacker-controlled upstream server injects an unsolicited response onto an idle keep-alive...

6.3CVSS5.9AI score0.00177EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the HTTP/1.1 client when an attacker-controlled upstream server injects an unsolicited response onto an...

6.3CVSS5.9AI score0.00177EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Use of Cache Containing Sensitive Information

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the cache interceptor. An attacker can obtain another user's authenticated response data by exploiting whitespace-padded...

8.9CVSS7.1AI score0.00229EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Use of Cache Containing Sensitive Information

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the cache interceptor. An attacker can obtain another user's authenticated response data by exploiting...

8.9CVSS7.1AI score0.00229EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Origin Validation Error

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to unintended origins b...

7.7CVSS6.4AI score0.00147EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Origin Validation Error

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to...

7.7CVSS6.4AI score0.00147EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

CRLF Injection

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to CRLF Injection in the parseSetCookie. An attacker can inject arbitrary HTTP headers by supplying specially crafted percent-encoded values in the Set-Cookie header, which...

9.2CVSS6AI score0.00205EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

CRLF Injection

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to CRLF Injection in the parseSetCookie. An attacker can inject arbitrary HTTP headers by supplying specially crafted percent-encoded values in the Set-Cooki...

9.2CVSS6AI score0.00205EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago2 views

Allocation of Resources Without Limits or Throttling

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of fragmented WebSocket messages. An attacker can cause unbounded memory growth and exhaust system...

8.7CVSS5.9AI score0.00284EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of fragmented WebSocket messages. An attacker can cause unbounded memory growth and...

8.7CVSS6.5AI score0.00284EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Improper Certificate Validation

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Improper Certificate Validation in the ProxyAgent when configured with a SOCKS5 proxy URI, which causes the requestTls option to be silently dropped. An attacker can...

7.4CVSS6.4AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Improper Certificate Validation

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Improper Certificate Validation in the ProxyAgent when configured with a SOCKS5 proxy URI, which causes the requestTls option to be silently dropped. An...

7.4CVSS6.4AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Overview langgraph-sdk is a SDK for interacting with LangGraph API Affected versions of this package are vulnerable to Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' in the construction of HTTP request paths using unsanitized identifier values. An attacker can gain...

6CVSS5.8AI score0.0022EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification through the audio.py file. An attacker can cause excessive memory consumption by...

7.1CVSS5.9AI score0.0003EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Insertion of Sensitive Information into Log File

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the error handling process for certain API and WebSocket routes, where unsanitized exception...

6.9CVSS5.8AI score0.00018EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Incorrect Conversion between Numeric Types

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Incorrect Conversion between Numeric Types in the ggmldequantize, ggmlmulmatveca8, ggmlmulmata8, and ggmlmoea8 functions when tensor dimensions are...

5.3CVSS5.9AI score0.00042EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Interpretation Conflict

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Interpretation Conflict in the image processing pipeline. An attacker can cause the model to interpret images differently from human expectations by...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Validation of Specified Type of Input

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to improper validation of the temperature parameter while sampling. An attacker can cause the...

8.7CVSS5.9AI score0.00039EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Malicious Package

Overview chai-as-tokenized is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Malicious Package

Overview api-rs-node is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Total number of security vulnerabilities31406