33588 matches found

Snyk, added 2026/04/08 12:06 a.m., 4 views

Directory Traversal

Overview: coursevault-preview is a package to preview course material files from a configured directory. Affected versions of this package are vulnerable to Directory Traversal via improper validation in the resolveSafe utility. An attacker can access files outside the intended directory by supplying crafted...

CVSS 5.9, AI score 6.3, EPSS 0.00141
Exploits: 1, References: 2
Snyk, added 2026/04/08 12:05 a.m., 4 views

Improper Privilege Management

Overview: Affected versions of this package are vulnerable to Improper Privilege Management in the createUser process in auth/proxy.go when proxy authentication is enabled and default settings include non-empty commands. An attacker can gain unauthorized execution capabilities and access to...

CVSS 8.8, AI score 5.9, EPSS 0.00383
Exploits: 1, References: 2
Snyk, added 2026/04/08 12:05 a.m., 5 views

Improper Privilege Management

Overview: Affected versions of this package are vulnerable to Improper Privilege Management in the createUser process in auth/proxy.go when proxy authentication is enabled and default settings include non-empty commands. An attacker can gain unauthorized execution capabilities and access to...

CVSS 8.8, AI score 5.9, EPSS 0.00383
Exploits: 1, References: 2
Snyk, added 2026/04/08 12:05 a.m., 5 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the resourceGetHandler process. An attacker can access the full content of text files within their authorized scope by sending requests to the /api/resources endpoint, bypassing the intended download permission...

CVSS 7.5, AI score 5.8, EPSS 0.00274
Exploits: 1, References: 2
Snyk, added 2026/04/08 12:05 a.m., 8 views

Missing Authorization

Overview: github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Missing Authorization in the resourceGetHandler process. An attacker can access the full content of text files within their authorized scope by sending requests to the...

CVSS 7.5, AI score 5.8, EPSS 0.00274
Exploits: 1, References: 2
Snyk, added 2026/04/08 12:04 a.m., 7 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to the withHashFile handler not re-checking the share owner's current permissions. An attacker can access previously created share links and download files without authentication by using a valid but outdated...

CVSS 8.2, AI score 5.8, EPSS 0.00332
Exploits: 1, References: 2
Snyk, added 2026/04/08 12:04 a.m., 4 views

Incorrect Authorization

Overview: github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Incorrect Authorization due to the withHashFile handler not re-checking the share owner's current permissions. An attacker can access previously created share links and...

CVSS 8.2, AI score 5.7, EPSS 0.00332
Exploits: 1, References: 2
Snyk, added 2026/04/08 12:04 a.m., 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the Matches function due to improper use of strings.HasPrefix for path matching without ensuring a directory boundary. An attacker can gain unauthorized access to files in directories with names that share a commo...

CVSS 7.5, AI score 6.4, EPSS 0.00392
Exploits: 1, References: 2
Snyk, added 2026/04/08 12:04 a.m., 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the Matches function due to improper use of strings.HasPrefix for path matching without ensuring a directory boundary. An attacker can gain unauthorized access to files in directories with names that share a commo...

CVSS 7.5, AI score 6.4, EPSS 0.00392
Exploits: 1, References: 2
Snyk, added 2026/04/08 12:04 a.m., 3 views

Directory Traversal

Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Directory Traversal in the safeextractall function. An attacker can write files outside the intended extraction directory by crafting a malicious tar archiv...

CVSS 6.5, AI score 6.3, EPSS 0.00255
Exploits: 1, References: 2
Snyk, added 2026/04/08 12:04 a.m., 4 views

Incorrect Authorization

Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Incorrect Authorization in the configuration for SSL certificate and key file paths due to incorrect option name checks. An attacker can gain unauthorized...

CVSS 7.6, AI score 5.9, EPSS 0.00142
Exploits: 1, References: 2
Snyk, added 2026/04/08 12:04 a.m., 9 views

Arbitrary Argument Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Argument Injection through the Runner.exec process. An attacker can execute arbitrary OS commands on the server by uploading or renaming a file with a crafted filename containing shell metacharacters, which are unsafely...

CVSS 7.5, AI score 6, EPSS 0.01922
Exploits: 2, References: 3
Snyk, added 2026/04/08 12:04 a.m., 2 views

Use of Password Hash With Insufficient Computational Effort

Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort via the user/info, user/update, and spend/users API endpoints, which return password hash fields in responses to...

CVSS 8.6, AI score 5.8
Exploits: 0, References: 3
Snyk, added 2026/04/08 12:00 a.m., 7 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the processing of XCOFF object files. An attacker can execute unauthorized code or commands by convincing a user to process a specially crafted file. Remediation: A fix was pushed into the master branch but...

CVSS 8.5, AI score 5.5, EPSS 0.00171
Exploits: 0, References: 2
Snyk, added 2026/04/07 11:11 p.m., 4 views

Embedded Malicious Code

Overview: @velora-dex/sdk is an SDK for the Velora API. Affected versions of this package are vulnerable to Embedded Malicious Code that delivers a malicious payload through dist/index.js. An attacker uploaded a compromised version of the package directly to the npm registry. The payload runs a...

CVSS 9.8, AI score 5.9
Exploits: 0, References: 2
Snyk, added 2026/04/07 11:09 p.m., 3 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the AES-CFB-128 process on x86-64 systems with AVX-512 and VAES support when processing partial cipher blocks. An attacker can cause a crash and application termination by providing input buffers that end at a memo...

CVSS 9.1, AI score 6, EPSS 0.00313
Exploits: 0, References: 2
Snyk, added 2026/04/07 11:09 p.m., 4 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free in the DANE client authentication process. An attacker can cause memory corruption, application crashes, or potentially execute arbitrary code by manipulating TLSA records with both PKIX-TA/PKIX-EE and DANE-TA certificate...

CVSS 9.2, AI score 6, EPSS 0.00631
Exploits: 0, References: 2
Snyk, added 2026/04/07 11:09 p.m., 4 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in the delta CRL processing when the required CRLNumber extension is missing. An attacker can cause an application crash by supplying a specially crafted malformed CRL file. Note: This is only exploitable if the...

CVSS 8.2, AI score 5.4, EPSS 0.00885
Exploits: 0, References: 2
Snyk, added 2026/04/07 11:09 p.m., 3 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in the CMSdecrypt function. An attacker can cause a crash by submitting a crafted CMS EnvelopedData message with a missing optional parameters field in the RSA-OAEP SourceFunc algorithm identifier. Notes: - This...

CVSS 8.2, AI score 5.9, EPSS 0.00805
Exploits: 0, References: 2
Snyk, added 2026/04/07 11:09 p.m., 5 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in the CMSdecrypt function. An attacker can cause a crash by submitting a specially crafted CMS EnvelopedData message with a missing optional parameters field in the KeyEncryptionAlgorithmIdentifier, leading to ...

CVSS 8.2, AI score 5.8, EPSS 0.00805
Exploits: 0, References: 2
Snyk, added 2026/04/07 11:09 p.m., 2 views

Improper Check for Unusual or Exceptional Conditions

Overview: Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the RSASVE encapsulation process. An attacker can obtain sensitive information by supplying an invalid RSA public key and triggering the use of uninitialized memory contents as...

CVSS 8.2, AI score 5.8, EPSS 0.00981
Exploits: 0, References: 2
Snyk, added 2026/04/07 11:09 p.m., 2 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write via the hexadecimal conversion process of excessively large OCTET STRING values in X.509 certificate extensions such as Subject Key Identifier or Authority Key Identifier. An attacker can cause a crash, execute...

CVSS 9.8, AI score 6.1, EPSS 0.00225
Exploits: 0, References: 2
Snyk, added 2026/04/07 10:53 p.m., 4 views

Cross-site Scripting (XSS)

Overview: std/html/template is a Go standard library package. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Go Vulnerability Report: Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect...

CVSS 6.1, AI score 5.5, EPSS 0.0029
Exploits: 0, References: 3
Snyk, added 2026/04/07 10:53 p.m., 4 views

Allocation of Resources Without Limits or Throttling

Overview: std/crypto/x509 is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: During chain building, the amount of work that is done is not correctly limited when a large...

CVSS 7.5, AI score 5.8, EPSS 0.00615
Exploits: 0, References: 3
Snyk, added 2026/04/07 10:53 p.m., 2 views

Allocation of Resources Without Limits or Throttling

Overview: std/archive/tar is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted...

CVSS 6.9, AI score 5.8, EPSS 0.0029
Exploits: 0, References: 3
Snyk, added 2026/04/07 10:53 p.m., 2 views

Allocation of Resources Without Limits or Throttling

Overview: std/crypto/tls is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: If one side of the TLS connection sends multiple key update messages post-handshake in a singl...

CVSS 8.7, AI score 5.8, EPSS 0.00621
Exploits: 0, References: 3
Snyk, added 2026/04/07 10:53 p.m., 3 views

Improper Handling of Case Sensitivity

Overview: std/crypto/x509 is a Go standard library package. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity. Go Vulnerability Report: When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly...

CVSS 8.8, AI score 5.7, EPSS 0.0034
Exploits: 0, References: 3
Snyk, added 2026/04/07 10:53 p.m., 3 views

Allocation of Resources Without Limits or Throttling

Overview: std/crypto/x509 is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Validating certificate chains which use policies is unexpectedly inefficient when certificat...

CVSS 8.2, AI score 5.8, EPSS 0.00349
Exploits: 0, References: 3
Snyk, added 2026/04/07 10:53 p.m., 9 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: std/internal/syscall/unix is a Go standard library package. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition. Go Vulnerability Report: On Linux, if the target of Root.Chmod is replaced with a symlink while the chm...

CVSS 7.8, AI score 5.8, EPSS 0.00292
Exploits: 0, References: 3
Snyk, added 2026/04/07 10:12 p.m., 3 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

CVSS 8.7, AI score 5.8, EPSS 0.00435
Exploits: 1, References: 2
Snyk, added 2026/04/07 10:12 p.m., 5 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

CVSS 8.7, AI score 5.8, EPSS 0.00435
Exploits: 1, References: 2
Snyk, added 2026/04/07 10:12 p.m., 1 view

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

CVSS 8.7, AI score 5.8, EPSS 0.00435
Exploits: 1, References: 2
Snyk, added 2026/04/07 10:12 p.m., 4 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

CVSS 8.7, AI score 5.8, EPSS 0.00435
Exploits: 1, References: 2
Snyk, added 2026/04/07 10:12 p.m., 1 view

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

CVSS 8.7, AI score 5.8, EPSS 0.00435
Exploits: 1, References: 2
Snyk, added 2026/04/07 10:12 p.m., 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

CVSS 8.7, AI score 5.8, EPSS 0.00435
Exploits: 1, References: 2
Snyk, added 2026/04/07 10:12 p.m., 1 view

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

CVSS 8.7, AI score 5.8, EPSS 0.00435
Exploits: 1, References: 2
Snyk, added 2026/04/07 10:12 p.m., 3 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

CVSS 8.7, AI score 5.8, EPSS 0.00435
Exploits: 1, References: 2
Snyk, added 2026/04/07 10:11 p.m., 4 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation due to improper validation in the certificateknown function. An attacker can bypass certificate trust verification by presenting an end entity certificate with a distinguished name and subject key...

CVSS 9.8, AI score 5.7, EPSS 0.00249
Exploits: 0, References: 2
Snyk, added 2026/04/07 10:10 p.m., 7 views

Improper Enforcement of Behavioral Workflow

Overview: Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow in the TLS 1.3 implementation, which processes ApplicationData records before receiving the Finished message. An attacker can bypass certificate-based client authentication by omitting the...

CVSS 9.1, AI score 5.8, EPSS 0.00233
Exploits: 0, References: 2
Snyk, added 2026/04/07 9:10 p.m., 4 views

Missing Report of Error Condition

Overview: Affected versions of this package are vulnerable to Missing Report of Error Condition in the verify-blob-attestation module when used without the --check-claims flag. An attacker can cause the system to incorrectly report successful verification of attestations with malformed payloads or...

CVSS 6.9, AI score 5.8, EPSS 0.00241
Exploits: 0, References: 2
Snyk, added 2026/04/07 9:10 p.m., 4 views

Missing Report of Error Condition

Overview: github.com/sigstore/cosign/cmd/cosign/cli/verify is a package that aims to make signatures invisible infrastructure. Affected versions of this package are vulnerable to Missing Report of Error Condition in the verify-blob-attestation module when used without the --check-claims flag. An...

CVSS 6.9, AI score 5.8, EPSS 0.00241
Exploits: 0, References: 2
Snyk, added 2026/04/07 9:10 p.m., 4 views

Missing Report of Error Condition

Overview: Affected versions of this package are vulnerable to Missing Report of Error Condition in the verify-blob-attestation module when used without the --check-claims flag. An attacker can cause the system to incorrectly report successful verification of attestations with malformed payloads or...

CVSS 6.9, AI score 5.8, EPSS 0.00241
Exploits: 0, References: 2
Snyk, added 2026/04/07 9:09 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper handling of user-supplied input in the list fields on page values and the Special:CargoTables interface. An attacker can execute arbitrary JavaScript in the context of other users by injecting...

CVSS 8.7, AI score 5.8, EPSS 0.00158
Exploits: 1, References: 2
Snyk, added 2026/04/07 9:07 p.m., 3 views

Missing Authorization

Overview: @delmaredigital/payload-puck is a Puck visual page builder plugin for Payload CMS. Affected versions of this package are vulnerable to Missing Authorization via the createPuckPlugin function. An attacker can gain unauthorized access to sensitive data and perform unauthorized modifications...

CVSS 9.8, AI score 5.7, EPSS 0.00376
Exploits: 1, References: 2
Snyk, added 2026/04/07 9:00 p.m., 8 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ?describe page when user-supplied input is reflected in the response without proper sanitization. An attacker can execute JavaScript in the context of a victim's browser by convincing the user to click a...

CVSS 6.1, AI score 5.6, EPSS 0.00465
Exploits: 0, References: 2
Snyk, added 2026/04/07 8:17 p.m., 1 view

Deserialization of Untrusted Data

Overview: monai is an AI Toolkit for Healthcare Imaging. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the algofrompickle function in monai/auto3dseg/utils.py. An attacker can execute arbitrary code by providing a crafted pickle file that is deserialized...

CVSS 8.8, AI score 6.2
Exploits: 0, References: 2
Snyk, added 2026/04/07 8:17 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the rendering of Mustache navigation templates when user-controlled values are interpolated into the href attribute without proper URL scheme validation. An attacker can execute arbitrary JavaScript in the...

CVSS 4.8, AI score 5.7, EPSS 0.00176
Exploits: 1, References: 2
Snyk, added 2026/04/07 8:17 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the rendering of Mustache navigation templates when user-controlled values are interpolated into the href attribute without proper URL scheme validation. An attacker can execute arbitrary JavaScript in the...

CVSS 4.8, AI score 5.7, EPSS 0.00176
Exploits: 1, References: 2
Snyk, added 2026/04/07 8:13 p.m., 2 views

Origin Validation Error

Overview: Affected versions of this package are vulnerable to Origin Validation Error through the lack of CORS checks and Host and Origin header validation on incoming HTTP connections. An attacker can gain unauthorized access to local or private-network servers by tricking a victim into visiting a...

CVSS 7.6, AI score 5.8, EPSS 0.00136
Exploits: 0, References: 2
Snyk, added 2026/04/07 8:13 p.m., 1 view

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the customQuery argument in the detailPlus endpoint. An attacker can execute arbitrary SQL commands by supplying crafted input remotely. Remediation: There is no fixed version for tech.powerjob:powerjob-server-starter...

CVSS 7.5, AI score 6.2, EPSS 0.00269
Exploits: 0, References: 2
Total number of security vulnerabilities: 33588