Lucene search
+L

35936 matches found

snyk
snyk
added 2026/07/01 9:19 p.m.5 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.4 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.4 views

Heap-based Buffer Overflow

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.6 views

Heap-based Buffer Overflow

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.4 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.5 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.5 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to incorrect handling of arguments in the JP2 encoder. An attacker can cause a heap buffer over-write by supplying specially crafted arguments during image processing. Remediation A fix was pushed into the...

6.9CVSS6.1AI score0.00103EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.6 views

Heap-based Buffer Overflow

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.4 views

Heap-based Buffer Overflow

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.4 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.5 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.4 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.6 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.4 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.4 views

Sensitive Cookie with Improper SameSite Attribute

Overview org.asynchttpclient:async-http-client is a maven plugin for the Async Http Client AHC classes. Affected versions of this package are vulnerable to Sensitive Cookie with Improper SameSite Attribute via ThreadSafeCookieStore in ThreadSafeCookieStore.add.... An attacker can plant a cookie f...

6.3CVSS6AI score0.00179EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:17 p.m.7 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via unsafe JavaBean materialization in com.mchange.v2.naming.JavaBeanObjectFactory. An attacker can trigger arbitrary class construction and property initialization by supplying a malicious JNDI Referen...

7.5CVSS6.1AI score0.00327EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:6 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the realm parameter in the authentication process. An attacker can cause the client to send requests to internal network endpoints or transmit credentials over an unencrypted channel by controlling t...

3.1CVSS6AI score
Exploits0References3
snyk
snyk
added 2026/07/01 9:6 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the realm parameter in the authentication process. An attacker can cause the client to send requests to internal network endpoints or transmit credentials over an unencrypted channel by controlling t...

3.1CVSS6AI score
Exploits0References3
snyk
snyk
added 2026/07/01 8:56 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the json.NewDecoder process in multiple API endpoints that lack a body-size cap. An attacker can exhaust system memory and cause service disruption by sending large, unbounded JSO...

6.9CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 8:56 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the json.NewDecoder process in multiple API endpoints that lack a body-size cap. An attacker can exhaust system memory and cause service disruption by sending large, unbounded JSO...

6.9CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 8:55 p.m.4 views

Prototype Pollution

Overview @hey-api/openapi-ts is a 🌀 OpenAPI to TypeScript code generator. Production-grade SDKs, Zod schemas, TanStack Query hooks, and 20+ plugins. Used by Vercel, OpenCode, and PayPal. Affected versions of this package are vulnerable to Prototype Pollution in the buildClientParams process. An...

6.3CVSS6.6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 8:51 p.m.3 views

Incorrect Implementation of Authentication Algorithm

Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm in the authentication provider's team membership evaluation process. An attacker can gain unauthorized access to resources or permissions assigned to other teams within the same...

8.8CVSS5.9AI score0.0037EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 8:51 p.m.6 views

Incorrect Implementation of Authentication Algorithm

Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm in the authentication provider's team membership evaluation process. An attacker can gain unauthorized access to resources or permissions assigned to other teams within the same...

8.8CVSS5.9AI score0.0037EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 8:51 p.m.6 views

Incorrect Implementation of Authentication Algorithm

Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm in the authentication provider's team membership evaluation process. An attacker can gain unauthorized access to resources or permissions assigned to other teams within the same...

8.8CVSS5.9AI score0.0037EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 8:51 p.m.6 views

Incorrect Implementation of Authentication Algorithm

Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm in the authentication provider's team membership evaluation process. An attacker can gain unauthorized access to resources or permissions assigned to other teams within the same...

8.8CVSS5.9AI score0.0037EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 8:45 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the valuesFrom process. An attacker can gain unauthorized access to secrets and config maps across namespaces by crafting resources such as HelmOp or Bundle with references to arbitrary secrets, provided they...

9.9CVSS6.1AI score0.00585EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 8:45 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the valuesFrom process. An attacker can gain unauthorized access to secrets and config maps across namespaces by crafting resources such as HelmOp or Bundle with references to arbitrary secrets, provided they...

9.9CVSS6.1AI score0.00585EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 8:45 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the valuesFrom process. An attacker can gain unauthorized access to secrets and config maps across namespaces by crafting resources such as HelmOp or Bundle with references to arbitrary secrets, provided they...

9.9CVSS6.1AI score0.00585EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 8:45 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the helm.repo process when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can cause the system to forward Helm authentication...

5.3CVSS6.1AI score0.00386EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 8:45 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the helm.repo process when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can cause the system to forward Helm authentication...

5.3CVSS6.1AI score0.00386EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 8:45 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the helm.repo process when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can cause the system to forward Helm authentication...

5.3CVSS6.1AI score0.00386EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 8:44 p.m.4 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via unsanitized repository URL components in the webhook endpoint when no secret is configured. An attacker can trigger continuous repository re-cloning, increasing network traffic and...

8.3CVSS6AI score0.00506EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 8:35 p.m.3 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the addLabelsFromOptions function. An attacker can overwrite security-sensitive namespace labels by pushing changes to a monitored repository, thereby weakening admission controls and enabling...

8.8CVSS6AI score0.00508EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 8:28 p.m.5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the JWKS key caching process. An attacker can gain unauthorized access to another issuer or tenant's resources by crafting a valid token for one allowed issuer and exploiting the cache...

8.2CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 8:28 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the JWKS key caching process. An attacker can gain unauthorized access to another issuer or tenant's resources by crafting a valid token for one allowed issuer and exploiting the cache...

8.2CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 8:28 p.m.5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the JWKS key caching process. An attacker can gain unauthorized access to another issuer or tenant's resources by crafting a valid token for one allowed issuer and exploiting the cache...

8.2CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 8:28 p.m.5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the JWKS key caching process. An attacker can gain unauthorized access to another issuer or tenant's resources by crafting a valid token for one allowed issuer and exploiting the cache...

8.2CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 8:28 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the JWKS key caching process. An attacker can gain unauthorized access to another issuer or tenant's resources by crafting a valid token for one allowed issuer and exploiting the cache...

8.2CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 8:28 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the JWKS key caching process. An attacker can gain unauthorized access to another issuer or tenant's resources by crafting a valid token for one allowed issuer and exploiting the cache...

8.2CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 7:58 p.m.2 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:sigstore is a code-signing for npm packages Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the certificateOIDs option being accepted by the public API but discarded before verification, resulting in required...

8.7CVSS5.9AI score0.0019EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 7:58 p.m.6 views

Improper Verification of Cryptographic Signature

Overview @sigstore/verify is a Verification of Sigstore signatures Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the certificateOIDs option being accepted by the public API but discarded before verification, resulting in required...

8.7CVSS5.9AI score0.0019EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 7:58 p.m.3 views

Improper Verification of Cryptographic Signature

Overview @sigstore/cli is a Sigstore CLI Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the certificateOIDs option being accepted by the public API but discarded before verification, resulting in required certificate extension OIDs neve...

8.7CVSS5.9AI score0.0019EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 7:58 p.m.6 views

Improper Verification of Cryptographic Signature

Overview sigstore is a code-signing for npm packages Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the certificateOIDs option being accepted by the public API but discarded before verification, resulting in required certificate extensi...

8.7CVSS5.9AI score0.0019EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 7:57 p.m.3 views

Insufficient Verification of Data Authenticity

Overview @sigstore/verify is a Verification of Sigstore signatures Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the integratedTime process. An attacker can manipulate time-based verification decisions by supplying a crafted bundle that set...

7.1CVSS6AI score0.00158EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 7:49 p.m.6 views

Weak Password Recovery Mechanism for Forgotten Password

Overview Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password through the loginlink process. An attacker can gain unauthorized access to user accounts by reusing a previously issued password reset link after the password has been changed. Thi...

5.1CVSS5.9AI score
Exploits0References2
snyk
snyk
added 2026/07/01 7:25 p.m.4 views

Integer Overflow or Wraparound

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.8CVSS6AI score0.0022EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 7:25 p.m.3 views

Integer Overflow or Wraparound

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

8.8CVSS6AI score0.0022EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 7:25 p.m.4 views

Integer Overflow or Wraparound

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.8CVSS6AI score0.0022EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 7:25 p.m.4 views

Integer Overflow or Wraparound

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.8CVSS6AI score0.0022EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 7:25 p.m.4 views

Integer Overflow or Wraparound

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.8CVSS6AI score0.0022EPSS
Exploits0References2
Total number of security vulnerabilities35936