Lucene search
K

35547 matches found

Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the improper handling of HTTP headers in the process. An attacker can manipulate internal Salesforce operation parameters, such as SOQL...

8.8CVSS6AI score0.00341EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the DaprPubSubConsumer process. An attacker can redirect or exfiltrate messages and bypass intended routing and topic-level access controls by publishing specially crafted CloudEvents with manipulated...

8.1CVSS6AI score0.00426EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the DaprPubSubConsumer process. An attacker can redirect or exfiltrate messages and bypass intended routing and topic-level access controls by publishing specially crafted CloudEvents with manipulated...

8.1CVSS6AI score0.00426EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the handling of gridfs. HTTP headers, which are not properly filtered and can be set by an HTTP client to control the GridFS operation performed by the...

9.8CVSS6AI score0.00452EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the irc.sendTo header and other irc. headers in HTTP requests. An attacker can redirect outgoing IRC messages to arbitrary channels or users by injecting...

6.9CVSS6.1AI score0.00428EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.2 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the KeycloakSecurityPolicy process. An attacker can gain unauthorized access to protected routes by supplying any non-null value in the Authorization: Bearer header, which is accepted without cryptographic...

9.8CVSS6.2AI score0.00619EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.6 views

Information Exposure

Overview org.apache.camel:camel-netty-http is a versatile open-source integration framework based on known Enterprise Integration Patterns. Affected versions of this package are vulnerable to Information Exposure in the muteException option handling of the HTTP consumer. An attacker can obtain...

6.9CVSS6AI score0.00363EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.6 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the muteException option handling of the HTTP consumer. An attacker can obtain sensitive internal information, such as Java stack traces containing credentials, hostnames, IP addresses, filesystem paths, and...

6.9CVSS6AI score0.00363EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:32 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the WebsocketConsumer.service process. An attacker can redirect server-side HTTP requests to arbitrary destinations and access sensitive environment variables, application properties, or vault secret...

7.5CVSS6.1AI score0.00536EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:32 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the WebsocketConsumer.service process. An attacker can redirect server-side HTTP requests to arbitrary destinations and access sensitive environment variables, application properties, or vault secret...

7.5CVSS6.1AI score0.00536EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:32 a.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the mapping of externally-supplied message user-headers into the Exchange without applying a header filtering process. An attacker can manipulate internal control headers by injecting specially craft...

8.8CVSS6AI score0.00396EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:32 a.m.5 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' due to the lack of an inbound filter rule in Sns2HeaderFilterStrategy. An attacker cannot manipulate internal headers o...

9.8CVSS5.9AI score0.00427EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:32 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the mapping of externally-supplied message user-headers into the Exchange without applying a header filtering process. An attacker can manipulate internal control headers by injecting specially craft...

8.8CVSS6AI score0.00396EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:32 a.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the mapping of externally-supplied message user-headers into the Exchange without applying a header filtering process. An attacker can manipulate internal control headers by injecting specially craft...

8.8CVSS6AI score0.00396EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:32 a.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the WebsocketConsumer.service process. An attacker can redirect server-side HTTP requests to arbitrary destinations and access sensitive environment variables, application properties, or vault secret...

7.5CVSS6.1AI score0.00536EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:32 a.m.4 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' due to the lack of an inbound filter rule in Sns2HeaderFilterStrategy. An attacker cannot manipulate internal headers o...

9.8CVSS5.9AI score0.00427EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 8:35 a.m.6 views

Command Injection

Overview react-dev-utils is an includes some utilities used by Create React App. Affected versions of this package are vulnerable to Command Injection via the startBrowserProcess function in react-dev-utils/openBrowser.js. An attacker can execute arbitrary operating system commands by supplying...

9.8CVSS7.2AI score0.01324EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 2:26 a.m.5 views

Protection Mechanism Failure

Overview Affected versions of this package are vulnerable to Protection Mechanism Failure in the client.go process of the Docker API component. An attacker can escape the intended sandbox restrictions by sending crafted requests to the affected API endpoint. Remediation A fix was pushed into the...

6.5CVSS6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 2:26 a.m.2 views

Protection Mechanism Failure

Overview Affected versions of this package are vulnerable to Protection Mechanism Failure in the client.go process of the Docker API component. An attacker can escape the intended sandbox restrictions by sending crafted requests to the affected API endpoint. Remediation A fix was pushed into the...

6.5CVSS6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/05 12:28 p.m.8 views

Authorization Bypass Through User-Controlled Key

Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a key collision in the defaultcachekey and freeze functions of langgraph/internal/cache.py, where freeze reduce...

4.2CVSS6AI score0.0016EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/05 7:23 a.m.8 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the MethodRouter.Handle process of the WebSocket RPC handler. An attacker can gain unauthorized access to sensitive information or perform unauthorized actions by exploiting improper authorization checks...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/05 7:23 a.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the MethodRouter.Handle process of the WebSocket RPC handler. An attacker can gain unauthorized access to sensitive information or perform unauthorized actions by exploiting improper authorization checks...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/05 7:23 a.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the MethodRouter.Handle process of the WebSocket RPC handler. An attacker can gain unauthorized access to sensitive information or perform unauthorized actions by exploiting improper authorization checks...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/05 6:49 a.m.3 views

Improper Validation of Consistency within Input

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Validation of Consistency within Input due to improper validation of the emailverified claim in the...

6.3CVSS6.2AI score0.00196EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/05 5:32 a.m.6 views

UNIX Symbolic Link (Symlink) Following

Overview mcp-markdownify-server is a Model Context Protocol MCP server that converts various file types and web content to Markdown format. It provides a set of tools to transform PDFs, images, audio files, web pages, and more into easily readable and shareable Markdown text. Affected versions of...

4.8CVSS6AI score0.00137EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/05 5:30 a.m.7 views

Insecure Randomness

Overview mcp-markdownify-server is a Model Context Protocol MCP server that converts various file types and web content to Markdown format. It provides a set of tools to transform PDFs, images, audio files, web pages, and more into easily readable and shareable Markdown text. Affected versions of...

2.5CVSS6AI score0.00108EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/05 12:18 a.m.3 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the decodeFromCompressedByteBuffer function due to improper handling of the lengthOfCompressedContents argument. An attacker can cause excessive memory allocation by supplying a crafted...

4.8CVSS6.1AI score0.00118EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/04 11:39 p.m.5 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the decodeFromByteBuffer function due to improper handling of the numberOfSignificantValueDigits argument. An attacker can cause excessive memory consumption by supplying crafted input...

5CVSS5.9AI score0.0012EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.5 views

Malicious Package

Overview @petitcode/eb-retry is a malicious package. This package contains malicious code and is part of a coordinated npm supply-chain campaign. It ships an obfuscated postinstall payload that downloads and executes a Rust-compiled infostealer binary. Impact The infostealer targets crypto wallet...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.6 views

Malicious Package

Overview @tinyfox/shapecheck is a malicious package. This package contains malicious code and is part of a coordinated npm supply-chain campaign. It ships an obfuscated postinstall payload that downloads and executes a Rust-compiled infostealer binary. Impact The infostealer targets crypto wallet...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.4 views

Malicious Package

Overview @thymelab/logfx is a malicious package. This package contains malicious code and is part of a coordinated npm supply-chain campaign. It ships an obfuscated postinstall payload that downloads and executes a Rust-compiled infostealer binary. Impact The infostealer targets crypto wallets,...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.7 views

Malicious Package

Overview paperclip2 is a malicious package. This package contains malicious code and consists solely of a package.json file, with no JavaScript files present. A one-liner embedded in its postinstall script spawns a reverse shell that connects to a remote host on port 7007. Users who have installe...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Total number of security vulnerabilities35547