Lucene search
K

35665 matches found

Snyk
Snyk
added 4 days ago3 views

Deserialization of Untrusted Data

Overview BabelDOC is a Yet Another Document Translator Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the loaddata process. An attacker can execute arbitrary code with the privileges of the affected process by crafting a PDF that injects an absolute path...

8.5CVSS6.3AI score
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error in the CheckAuth process. An attacker can gain unauthorized administrative access by sending requests from any Chrome or Chromium browser extension, allowing them to exfiltrate data, inject malicious scripts, and...

9.2CVSS6.1AI score0.00607EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the getDynamicIcon process. An attacker can retrieve sensitive database content by sending crafted requests to the unauthenticated endpoint with a valid block ID and specially crafted...

8.2CVSS6.1AI score0.00239EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago8 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview credsweeper is a Credential Sweeper Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification through improper enforcement of size limits during recursive scanning of compressed or archived files. An attacker can cause excessive...

6.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the renderSnippet process. An attacker can execute arbitrary JavaScript code and potentially achieve remote code execution by injecting a crafted CSS snippet containing a tag followed by...

9.9CVSS6.6AI score0.00307EPSS
Exploits0References3
Snyk
Snyk
added 4 days ago2 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the GetAssetAbsPath process. An attacker can access sensitive files by sending specially crafted HTTP requests with double URL-encoded path segments to the /assets/path endpoint in publish...

8.7CVSS6.1AI score0.01892EPSS
Exploits0References4
Snyk
Snyk
added 4 days ago2 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the GetAssetAbsPath process. An attacker can access sensitive files by sending specially crafted HTTP requests with double URL-encoded path segments to the /assets/path endpoint in publish...

8.7CVSS6.1AI score0.01892EPSS
Exploits0References4
Snyk
Snyk
added 4 days ago2 views

Malicious Package

Overview polipoli-pak is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago1 views

Allocation of Resources Without Limits or Throttling

Overview adm-zip is a JavaScript implementation for zip data compression for NodeJS. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in zipEntry.js and entryHeader.js, which size a Buffer.alloc call directly from the uncompressed-size field...

8.7CVSS6.1AI score0.00432EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago1 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:adm-zip is a JavaScript implementation for zip data compression for NodeJS. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in zipEntry.js and entryHeader.js, which size a Buffer.alloc call directly from the...

8.7CVSS6.1AI score0.00432EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Allocation of Resources Without Limits or Throttling

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the forceResize process in fallbackUrl, which passes unbounded dimension parameters t...

8.7CVSS6.1AI score0.00301EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago3 views

User Impersonation

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to User Impersonation via manipulation of the Host header. An attacker can gain unauthorized access to the /v1 proxy and trigger server-side requests to internal or cloud-metadata...

8.8CVSS6.1AI score0.00246EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Missing Authorization

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Missing Authorization via the rewrite process for the /codex path. An attacker can gain unauthorized access to backend LLM provider credentials and trigger upstream provider cal...

8.8CVSS6.1AI score0.00372EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the SSLClient and Client processes in HTTPS mode when connecting to an IP-literal host with server certificate verification enabled. An attacker can intercept and manipulate encrypted traffic by...

9.1CVSS6.1AI score0.00264EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Improper Authentication

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Improper Authentication via the dashboardGuard.js process. An attacker can gain unauthorized access to sensitive API endpoints by sending requests through a same-host reverse...

8.3CVSS6.1AI score0.00315EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Installer::unZip process. An attacker can cause a system crash or exhau...

6.9CVSS6.1AI score0.0039EPSS
Exploits1References2
Snyk
Snyk
added 4 days ago4 views

Server-side Request Forgery (SSRF)

Overview mcp-atlassian is a The Model Context Protocol MCP Atlassian integration is an open-source implementation that bridges Atlassian products Jira and Confluence with AI language models following Anthropic's MCP specification. This project enables secure, contextual AI interactions with...

8.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Incorrect Authorization

Overview FlaskBB is an A classic Forum Software in Python using Flask. Affected versions of this package are vulnerable to Incorrect Authorization via manipulation of the topicid parameter in batch requests. An attacker can perform unauthorized actions such as locking, unlocking, deleting, or...

8.1CVSS6.1AI score0.00284EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Incorrect Comparison

Overview FlaskBB is an A classic Forum Software in Python using Flask. Affected versions of this package are vulnerable to Incorrect Comparison via the bulkdelete process. An attacker can remove all built-in authorization groups by sending specially crafted JSON data that exploits a type mismatch...

8.6CVSS6.1AI score0.00328EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago1 views

Allocation of Resources Without Limits or Throttling

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the MulterUploadMiddleware in the data-table upload path. An authenticated user can repeatedly upload CSV files to the data-table endpoin...

5.3CVSS6.1AI score0.00235EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Protection Mechanism Failure

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

6.9CVSS6.1AI score0.0022EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Server-side Request Forgery (SSRF)

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

7.2CVSS6.1AI score0.0018EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Arbitrary Code Injection

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.4CVSS6.4AI score0.00392EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Arbitrary Code Injection

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Arbitrary Code Injection via the offsetGet filter. An attacker can access sensitive configuration data, including secrets such as SMTP...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Protection Mechanism Failure

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Protection Mechanism Failure in the AgentFlow.resolvepydanticclass process. An attacker can execute arbitrary Python code with the privilege...

8.5CVSS6.3AI score0.00129EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through the image process in open-sse/translator/concerns/image.js. An attacker can access internal-only HTTP services by...

7.4CVSS6.1AI score0.00154EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Directory Traversal

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Directory Traversal via the agent.start process. An attacker can overwrite files outside the intended project directory by supplying a...

6.9CVSS6.5AI score0.00141EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Directory Traversal

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

6.9CVSS6.5AI score0.00141EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Directory Traversal

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Directory Traversal in the concatenatePaths function. An attacker can read arbitrary files outside the intended directory by crafting image paths in HTM...

6.9CVSS6.5AI score0.0027EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Directory Traversal

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Directory Traversal in the concatenatePaths function. An attacker can read arbitrary files outside the intended directory by crafting image paths in HTM...

6.9CVSS6.5AI score0.0027EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Information Exposure

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Information Exposure due to inconsistent filtering of active status and publication date in public API endpoints. An attacker can access non-public FAQ...

6.9CVSS6.1AI score0.00214EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Information Exposure

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Information Exposure due to inconsistent filtering of active status and publication date in public API endpoints. An attacker can access non-public FAQ...

6.9CVSS6.1AI score0.00214EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Command Injection

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.8CVSS6.2AI score0.00579EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the extract function of ZipArchiver due to missing limits on uncompressed...

7.1CVSS6.1AI score0.00249EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago6 views

Directory Traversal

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

6.8CVSS6.5AI score0.00259EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Directory Traversal

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

6.9CVSS6.5AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Missing Authorization

Overview praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects Affected versions of this package are vulnerable to Missing Authorization via the DELETE dependency route, which accepts either endpoint of a dependency edge and validates permissions only against th...

7.1CVSS6.1AI score0.00239EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago6 views

Missing Authorization

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

7.1CVSS6.1AI score0.00239EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Cross-site Scripting (XSS)

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the processUploadedFile function in the media upload API endpoint. An attacker can execute arbitrary JavaScript i...

5.1CVSS6.1AI score0.00141EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Malicious Package

Overview ag-charts-test is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Malicious Package

Overview @higherlogic/ocfe is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Malicious Package

Overview @genie-auth/config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Malicious Package

Overview babel-eslint-parser-legacy is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Malicious Package

Overview @att-ebiz/abs-components-bc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Malicious Package

Overview higherlogic-ocfe is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Malicious Package

Overview visa-cli-tools is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Malicious Package

Overview oem-agentic-shared is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Malicious Package

Overview ryan-pdf-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Malicious Package

Overview @amtrav/webservice is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Malicious Package

Overview motiondnb is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Total number of security vulnerabilities35665