Lucene search
+L

36119 matches found

Snyk
Snyk
added 2026/07/06 10:35 a.m.6 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the Neo4jProducer.retrieveNodes and deleteNode processes when JSON property names from the CamelNeo4jMatchProperties header are interpolated into the Cypher WHERE clause...

8.8CVSS6.2AI score0.00329EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.7 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview org.apache.camel:camel-mail is a Camel Mail support. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through MailProducer.getSender in the mail component. An attacker can weaken SMTP transport security or...

6.9CVSS6.1AI score0.00378EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the operationName and operationNamespace headers, which are not properly filtered by the HTTP header filter. An attacker can cause the backend SOAP servi...

7.5CVSS6AI score0.00396EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the operationName and operationNamespace headers, which are not properly filtered by the HTTP header filter. An attacker can cause the backend SOAP servi...

7.5CVSS6AI score0.00396EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the operationName and operationNamespace headers, which are not properly filtered by the HTTP header filter. An attacker can cause the backend SOAP servi...

7.5CVSS6AI score0.00396EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.2 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the operationName and operationNamespace headers, which are not properly filtered by the HTTP header filter. An attacker can cause the backend SOAP servi...

7.5CVSS6AI score0.00396EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the operationName and operationNamespace headers, which are not properly filtered by the HTTP header filter. An attacker can cause the backend SOAP servi...

7.5CVSS6AI score0.00396EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the VertxWebsocketConsumer inbound header mapping in components/camel-vertx/camel-vertx-websocket. An attacker can redirect server-side HTTP requests and disclose sensitive values by sending WebSocke...

7.5CVSS5.9AI score0.00536EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the LuceneConstants.HEADERQUERY and LuceneConstants.HEADERRETURNLUCENEDOCS headers in the Lucene producer. An attacker can override the intended Lucene search by sending an HTTP...

7.5CVSS6.2AI score0.00399EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the improper handling of HTTP headers with the SolrParam. and SolrField. prefixes. An attacker can manipulate Solr query parameters or...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.5 views

Information Exposure

Overview org.apache.camel:camel-netty-http is a versatile open-source integration framework based on known Enterprise Integration Patterns. Affected versions of this package are vulnerable to Information Exposure via the muteException handling in the NettyHttpConfiguration and NettyHttpComponent...

6.9CVSS6.1AI score0.00363EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the DnsConstants header handling in components/camel-dns/src/main/java/org/apache/camel/component/dns/DnsConstants.java and the DNS producers that consume those headers. An attacker can redirect DNS...

9.1CVSS6.2AI score0.0037EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the improper handling of Exchange message headers in the JIRA component. An attacker can perform unauthorized JIRA operations by supplying specially crafted HTTP headers, leveraging the endpoint's configure...

6.9CVSS6AI score0.00349EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the kafka.OVERRIDETOPIC and other kafka. headers that bypass the upstream HTTP header filter. An attacker can redirect messages to arbitrary Kafka topics...

6.9CVSS6.1AI score0.00385EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.5 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the improper handling of HTTP headers in the process. An attacker can manipulate internal Salesforce operation parameters, such as SOQL...

8.8CVSS6AI score0.00341EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the DaprPubSubConsumer process. An attacker can redirect or exfiltrate messages and bypass intended routing and topic-level access controls by publishing specially crafted CloudEvents with manipulated...

8.1CVSS6AI score0.00426EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the DaprPubSubConsumer process. An attacker can redirect or exfiltrate messages and bypass intended routing and topic-level access controls by publishing specially crafted CloudEvents with manipulated...

8.1CVSS6AI score0.00426EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the handling of gridfs. HTTP headers, which are not properly filtered and can be set by an HTTP client to control the GridFS operation performed by the...

9.8CVSS6AI score0.00452EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the irc.sendTo header and other irc. headers in HTTP requests. An attacker can redirect outgoing IRC messages to arbitrary channels or users by injecting...

6.9CVSS6.1AI score0.00428EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.3 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the KeycloakSecurityPolicy process. An attacker can gain unauthorized access to protected routes by supplying any non-null value in the Authorization: Bearer header, which is accepted without cryptographic...

9.8CVSS6.2AI score0.00619EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.6 views

Information Exposure

Overview org.apache.camel:camel-netty-http is a versatile open-source integration framework based on known Enterprise Integration Patterns. Affected versions of this package are vulnerable to Information Exposure in the muteException option handling of the HTTP consumer. An attacker can obtain...

6.9CVSS6AI score0.00363EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.6 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the muteException option handling of the HTTP consumer. An attacker can obtain sensitive internal information, such as Java stack traces containing credentials, hostnames, IP addresses, filesystem paths, and...

6.9CVSS6AI score0.00363EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:32 a.m.5 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' due to the lack of an inbound filter rule in Sns2HeaderFilterStrategy. An attacker cannot manipulate internal headers o...

9.8CVSS5.9AI score0.00427EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:32 a.m.4 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' due to the lack of an inbound filter rule in Sns2HeaderFilterStrategy. An attacker cannot manipulate internal headers o...

9.8CVSS5.9AI score0.00427EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:32 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the mapping of externally-supplied message user-headers into the Exchange without applying a header filtering process. An attacker can manipulate internal control headers by injecting specially craft...

8.8CVSS6AI score0.00396EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:32 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the mapping of externally-supplied message user-headers into the Exchange without applying a header filtering process. An attacker can manipulate internal control headers by injecting specially craft...

8.8CVSS6AI score0.00396EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:32 a.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the WebsocketConsumer.service process. An attacker can redirect server-side HTTP requests to arbitrary destinations and access sensitive environment variables, application properties, or vault secret...

7.5CVSS6.1AI score0.00536EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:32 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the WebsocketConsumer.service process. An attacker can redirect server-side HTTP requests to arbitrary destinations and access sensitive environment variables, application properties, or vault secret...

7.5CVSS6.1AI score0.00536EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:32 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the WebsocketConsumer.service process. An attacker can redirect server-side HTTP requests to arbitrary destinations and access sensitive environment variables, application properties, or vault secret...

7.5CVSS6.1AI score0.00536EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:32 a.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the mapping of externally-supplied message user-headers into the Exchange without applying a header filtering process. An attacker can manipulate internal control headers by injecting specially craft...

8.8CVSS6AI score0.00396EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 8:35 a.m.7 views

Command Injection

Overview react-dev-utils is an includes some utilities used by Create React App. Affected versions of this package are vulnerable to Command Injection via the startBrowserProcess function in react-dev-utils/openBrowser.js. An attacker can execute arbitrary operating system commands by supplying...

9.8CVSS7.2AI score0.01324EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 2:26 a.m.5 views

Protection Mechanism Failure

Overview Affected versions of this package are vulnerable to Protection Mechanism Failure in the client.go process of the Docker API component. An attacker can escape the intended sandbox restrictions by sending crafted requests to the affected API endpoint. Remediation A fix was pushed into the...

6.5CVSS6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 2:26 a.m.2 views

Protection Mechanism Failure

Overview Affected versions of this package are vulnerable to Protection Mechanism Failure in the client.go process of the Docker API component. An attacker can escape the intended sandbox restrictions by sending crafted requests to the affected API endpoint. Remediation A fix was pushed into the...

6.5CVSS6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/05 12:28 p.m.8 views

Authorization Bypass Through User-Controlled Key

Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a key collision in the defaultcachekey and freeze functions of langgraph/internal/cache.py, where freeze reduce...

4.2CVSS6AI score0.0016EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/05 7:23 a.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the MethodRouter.Handle process of the WebSocket RPC handler. An attacker can gain unauthorized access to sensitive information or perform unauthorized actions by exploiting improper authorization checks...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/05 7:23 a.m.8 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the MethodRouter.Handle process of the WebSocket RPC handler. An attacker can gain unauthorized access to sensitive information or perform unauthorized actions by exploiting improper authorization checks...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/05 7:23 a.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the MethodRouter.Handle process of the WebSocket RPC handler. An attacker can gain unauthorized access to sensitive information or perform unauthorized actions by exploiting improper authorization checks...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/05 6:49 a.m.3 views

Improper Validation of Consistency within Input

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Validation of Consistency within Input due to improper validation of the emailverified claim in the...

6.3CVSS6.2AI score0.00196EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/05 5:32 a.m.7 views

UNIX Symbolic Link (Symlink) Following

Overview mcp-markdownify-server is a Model Context Protocol MCP server that converts various file types and web content to Markdown format. It provides a set of tools to transform PDFs, images, audio files, web pages, and more into easily readable and shareable Markdown text. Affected versions of...

4.8CVSS6AI score0.00137EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/05 5:30 a.m.9 views

Insecure Randomness

Overview mcp-markdownify-server is a Model Context Protocol MCP server that converts various file types and web content to Markdown format. It provides a set of tools to transform PDFs, images, audio files, web pages, and more into easily readable and shareable Markdown text. Affected versions of...

2.5CVSS6AI score0.00108EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/05 12:18 a.m.3 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the decodeFromCompressedByteBuffer function due to improper handling of the lengthOfCompressedContents argument. An attacker can cause excessive memory allocation by supplying a crafted...

4.8CVSS6.1AI score0.00118EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/04 11:39 p.m.6 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the decodeFromByteBuffer function due to improper handling of the numberOfSignificantValueDigits argument. An attacker can cause excessive memory consumption by supplying crafted input...

5CVSS5.9AI score0.0012EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code, and its content was removed from the official package manager. It was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.8 views

Malicious Package

Overview @thymelab/logfx is a malicious package. This package contains malicious code and is part of a coordinated npm supply-chain campaign. It ships an obfuscated postinstall payload that downloads and executes a Rust-compiled infostealer binary. Impact The infostealer targets crypto wallets,...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.5 views

Malicious Package

Overview @petitcode/eb-retry is a malicious package. This package contains malicious code and is part of a coordinated npm supply-chain campaign. It ships an obfuscated postinstall payload that downloads and executes a Rust-compiled infostealer binary. Impact The infostealer targets crypto wallet...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.9 views

Malicious Package

Overview @briskforge/envcheck is a malicious package. This package contains malicious code and is part of a coordinated npm supply-chain campaign. It ships an obfuscated postinstall payload that downloads and executes a Rust-compiled infostealer binary. Impact The infostealer targets crypto...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.9 views

Malicious Package

Overview @zynkit/jwtbytes is a malicious package. This package contains malicious code and is part of a coordinated npm supply-chain campaign. It ships an obfuscated postinstall payload that downloads and executes a Rust-compiled infostealer binary. Impact The infostealer targets crypto wallets,...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 9:0 p.m.9 views

Malicious Package

Overview @lazyutil/dater is a malicious package. This package contains malicious code and is part of a coordinated npm supply-chain campaign. It ships an obfuscated postinstall payload that downloads and executes a Rust-compiled infostealer binary. Impact The infostealer targets crypto wallets,...

9.8CVSS6AI score
Exploits0References2
Total number of security vulnerabilities36119