Lucene search
K

35669 matches found

Snyk
Snyk
•added 2026/07/04 11:13 a.m.•4 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the NGSetupRequest process. An attacker can cause the service to become unavailable by sending specially crafted requests remotely. Remediation Upgrade github.com/omec-project/amf/ngap to version...

5.3CVSS5.9AI score0.00317EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 11:13 a.m.•5 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...

5.3CVSS6AI score0.00522EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 11:13 a.m.•8 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...

5.3CVSS6AI score0.00522EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 11:13 a.m.•6 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...

5.3CVSS6AI score0.00522EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 11:13 a.m.•5 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...

5.3CVSS6AI score0.00522EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 11:13 a.m.•4 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...

5.3CVSS6AI score0.00522EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 11:13 a.m.•6 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the NGSetupRequest process. An attacker can cause the service to become unavailable by sending specially crafted requests remotely. Remediation Upgrade github.com/omec-project/amf/util to version...

5.3CVSS5.9AI score0.00317EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 11:13 a.m.•5 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the NGSetupRequest process. An attacker can cause the service to become unavailable by sending specially crafted requests remotely. Remediation Upgrade github.com/omec-project/amf/nas/nassecurity...

5.3CVSS5.9AI score0.00317EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 11:13 a.m.•7 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the NGSetupRequest process. An attacker can cause the service to become unavailable by sending specially crafted requests remotely. Remediation Upgrade github.com/omec-project/amf/gmm to version...

5.3CVSS5.9AI score0.00317EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 11:13 a.m.•5 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the NGSetupRequest process. An attacker can cause the service to become unavailable by sending specially crafted requests remotely. Remediation Upgrade github.com/omec-project/amf/metrics to...

5.3CVSS5.9AI score0.00317EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 3:12 a.m.•8 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the makelabel function in the reduce method. An attacker can execute arbitrary commands by crafting...

8.1CVSS6.2AI score0.003EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 3:12 a.m.•7 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the runautogradprof function. An attacker can execute arbitrary code by crafting a malicious pickle file...

8.1CVSS6.6AI score0.00427EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 3:12 a.m.•7 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the runcode function in the reduce methods of pickle files. An attacker can execute arbitrary code by...

8.1CVSS6.2AI score0.00427EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 3:12 a.m.•8 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the lib2to3.pgen2.grammar.Grammar.loads function. An attacker can execute arbitrary code by providing a...

8.1CVSS6.6AI score0.00427EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 3:12 a.m.•8 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the asyncio.unixevents.UnixSubprocessTransport.start function. An attacker can execute arbitrary commands...

8.1CVSS6.2AI score0.00555EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 3:11 a.m.•6 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the numpy.f2py.crackfortran process. An attacker can execute arbitrary code by crafting malicious pickle...

8.1CVSS6.2AI score0.003EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 3:11 a.m.•6 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the idlelib.calltip.getentity function in reduce methods. An attacker can execute arbitrary remote comman...

8.1CVSS6.3AI score0.003EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/04 12:58 a.m.•5 views

Improper Verification of Cryptographic Signature

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the Stanford Interface Classes. An attacker can execute arbitrary code by supplying a...

8.5CVSS7.4AI score0.00158EPSS
Exploits1References2
Snyk
Snyk
•added 2026/07/03 10:20 p.m.•4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS6.1AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
•added 2026/07/03 10:20 p.m.•3 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS6.1AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
•added 2026/07/03 10:20 p.m.•4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS6.1AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
•added 2026/07/03 10:20 p.m.•4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS6.1AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
•added 2026/07/03 10:20 p.m.•5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
•added 2026/07/03 10:20 p.m.•4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
•added 2026/07/03 10:20 p.m.•5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
•added 2026/07/03 10:20 p.m.•4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the tracked-time list endpoint. An attacker can access time tracking information without proper authorization by sending crafted requests to this endpoint. Remediation Upgrade...

6.9CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the tracked-time list endpoint. An attacker can access time tracking information without proper authorization by sending crafted requests to this endpoint. Remediation Upgrade gitea.dev/services/convert to...

6.9CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...

9.1CVSS6AI score0.00373EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...

9.1CVSS6AI score0.00373EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•5 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...

9.1CVSS6AI score0.00373EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•5 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...

9.1CVSS6AI score0.00373EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...

9.1CVSS6AI score0.00373EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•6 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...

9.1CVSS6AI score0.00373EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS6AI score0.00481EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS6AI score0.00481EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•5 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS6AI score0.00481EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS6AI score0.00481EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•5 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS7.2AI score0.00481EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•6 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS7.2AI score0.00481EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS7.2AI score0.00481EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS7.2AI score0.00481EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the organization permission APIs due to insufficient visibility checks for hidden members and private organizations. An attacker can access private visibility information by querying these APIs. Remediation...

7.5CVSS6AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•7 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the organization permission APIs due to insufficient visibility checks for hidden members and private organizations. An attacker can access private visibility information by querying these APIs. Remediation...

7.5CVSS6AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to insufficient permission checks in the process for updating or rebasing pull request branches. An attacker can gain unauthorized access or modify protected branches by exploiting this weakness. Remediation...

7.5CVSS6AI score0.00322EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to insufficient permission checks in the process for updating or rebasing pull request branches. An attacker can gain unauthorized access or modify protected branches by exploiting this weakness. Remediation...

7.5CVSS6AI score0.00322EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webhook and migration allow-list filtering process. An attacker can access internal network resources or sensitive endpoints by crafting requests that bypass the intended filtering. Remediation...

9.6CVSS6AI score0.00464EPSS
Exploits1References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade gitea.dev/routers to version 1.26.3 or...

7.5CVSS6AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade gitea.dev/services/auth to version...

7.5CVSS6AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade gitea.dev/services/repository to versi...

7.5CVSS6AI score0.00482EPSS
Exploits0References2
Total number of security vulnerabilities35669