Lucene search
K

35565 matches found

Snyk
Snyk
added 4 days ago0 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the IPAllowlist function in the accesscontrol.go component. An attacker can gain unauthorized access and potentially compromise confidentiality, integrity, and availability by sending crafted requests remotely...

7.5CVSS7AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago0 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the IPAllowlist function in the accesscontrol.go component. An attacker can gain unauthorized access and potentially compromise confidentiality, integrity, and availability by sending crafted requests remotely...

7.5CVSS7AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago0 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the rt.ReloadConfig function when processing the message.send argument. An attacker can cause unauthorized configuration reloads and potentially disrupt service integrity and availability by sending crafted...

5.5CVSS6.2AI score0.00234EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago0 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the rt.ReloadConfig function when processing the message.send argument. An attacker can cause unauthorized configuration reloads and potentially disrupt service integrity and availability by sending crafted...

5.5CVSS6.2AI score0.00234EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago0 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the rt.ReloadConfig function when processing the message.send argument. An attacker can cause unauthorized configuration reloads and potentially disrupt service integrity and availability by sending crafted...

5.5CVSS6.2AI score0.00234EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Malicious Package

Overview @luminarycloudinternal/frodo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago3 views

Malicious Package

Overview @luminarycloudinternal/lcvis-st is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Malicious Package

Overview cursed-ecto-d3ab00 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Malicious Package

Overview unreal-horde-dashboard is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago3 views

Malicious Package

Overview ue-jenkins-buildkite is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Malicious Package

Overview ue-automation-scripts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago3 views

Malicious Package

Overview robomerge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago3 views

Malicious Package

Overview epic-internal-tools is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago3 views

Malicious Package

Overview searchresults is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago6 views

Malicious Package

Overview voyager-web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Malicious Package

Overview @businessapp-microsites/apis is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Malicious Package

Overview workspace-scripts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Malicious Package

Overview workspace-lint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Malicious Package

Overview nodemon-patch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago3 views

Malicious Package

Overview nodemon-gulp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Malicious Package

Overview nodepack-daemon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago6 views

Malicious Package

Overview crypto-promiser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Malicious Package

Overview paperclip-adapter-helpers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Malicious Package

Overview vps-new-manager is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago0 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the WebFetchTool.Execute function in the Guarded Web Fetch Flow process. An attacker can make the server initiate arbitrary HTTP requests to internal or external resources by supplying crafted URLs...

7.5CVSS6.7AI score0.00247EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago0 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the WebFetchTool.Execute function in the Guarded Web Fetch Flow process. An attacker can make the server initiate arbitrary HTTP requests to internal or external resources by supplying crafted URLs...

7.5CVSS6.7AI score0.00247EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago0 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the WebFetchTool.Execute function in the Guarded Web Fetch Flow process. An attacker can make the server initiate arbitrary HTTP requests to internal or external resources by supplying crafted URLs...

7.5CVSS6.7AI score0.00247EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago0 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the MQTT Channel Handler process due to improper handling of the clientid argument. An attacker can gain unauthorized access and perform actions with insufficient authorization by sending crafted requests...

6.5CVSS6.7AI score0.00214EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago0 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the MQTT Channel Handler process due to improper handling of the clientid argument. An attacker can gain unauthorized access and perform actions with insufficient authorization by sending crafted requests...

6.5CVSS6.7AI score0.00214EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago6 views

Symlink Attack

Overview decompress is a package that can be used for extracting archives. Affected versions of this package are vulnerable to Symlink Attack via the fs.link process. An attacker can gain unauthorized access to sensitive files or corrupt file contents by crafting an archive containing a hardlink...

6.9CVSS6.1AI score0.00196EPSS
Exploits1References2
Snyk
Snyk
added 4 days ago6 views

Symlink Attack

Overview decompress is a package that can be used for extracting archives. Affected versions of this package are vulnerable to Symlink Attack in the symlink handling process. An attacker can create arbitrary symbolic links outside the intended extraction directory by crafting an archive with...

7.5CVSS6.2AI score0.00485EPSS
Exploits1References2
Snyk
Snyk
added 4 days ago9 views

Directory Traversal

Overview decompress is a package that can be used for extracting archives. Affected versions of this package are vulnerable to Directory Traversal via improper validation in the safeMakeDir function and extraction path validation process. An attacker can write arbitrary files outside the intended...

8.7CVSS6.5AI score0.00272EPSS
Exploits1References2
Snyk
Snyk
added 4 days ago3 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the admin.php configuration update process. An attacker can modify administrator settings by tricking a logged-in administrator into submitting a forged POST request, which disables the file...

8.8CVSS6.2AI score0.00175EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ntitle parameter in the PFS module, which is processed through the TXT filter in pfs.main.php. An attacker can execute arbitrary scripts in the browser of users who view the affected folder listing by...

5.4CVSS6.2AI score0.00136EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago3 views

Unsafe Dependency Resolution

Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution when the gh codespace jupyter process opens a JupyterLab URL supplied by a process inside a Codespace without validating that it is a loopback HTTP or HTTPS address. An attacker can execute arbitrary command...

4.4CVSS6.3AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the validation process for BGP UPDATE messages containing an empty ASPATH attribute. An attacker can cause a panic and terminate the peer session by sending a malformed UPDATE with a zero-length...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the validation process for BGP UPDATE messages containing an empty ASPATH attribute. An attacker can cause a panic and terminate the peer session by sending a malformed UPDATE with a zero-length...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the validation process for BGP UPDATE messages containing an empty ASPATH attribute. An attacker can cause a panic and terminate the peer session by sending a malformed UPDATE with a zero-length...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the BGP OPEN capability parsing process. An attacker can influence peer AS validation and capability negotiation by sending a specially crafted BGP OPEN message with a malformed capability length, causing the parse...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the BGP OPEN capability parsing process. An attacker can influence peer AS validation and capability negotiation by sending a specially crafted BGP OPEN message with a malformed capability length, causing the parse...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the BGP OPEN capability parsing process. An attacker can influence peer AS validation and capability negotiation by sending a specially crafted BGP OPEN message with a malformed capability length, causing the parse...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

External Control of File Name or Path

Overview psd-tools is a Python package for working with Adobe Photoshop PSD files as described in specification. Affected versions of this package are vulnerable to External Control of File Name or Path through the save and open functions. An attacker can write arbitrary files to attacker-chosen...

4.6CVSS6.2AI score
Exploits0References3
Snyk
Snyk
added 5 days ago5 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to improper validation in the threshold counting process. An attacker can bypass multi-log threshold requirements by compromising a single log and forging multiple entries or...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

External Control of File Name or Path

Overview py-rattler is an A blazing fast library to work with the conda ecosystem Affected versions of this package are vulnerable to External Control of File Name or Path via the build string in package metadata during cache materialization. An attacker can cause files to be written outside the...

5.4CVSS6.1AI score0.00033EPSS
Exploits0References3
Snyk
Snyk
added 5 days ago4 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in the redirect URL validation process. An attacker can cause users to be redirected to arbitrary external sites by crafting a specially formatted URL that bypasses host and schema checks using a double slash prefix in the...

5.1CVSS6.2AI score
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization due to insufficient permission checks on the configuration-view/detail/create endpoint. An attacker can gain unauthorized access to create class definitions and potentially escalate privileges by sending crafted...

7.1CVSS6.1AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Weak Password Recovery Mechanism for Forgotten Password

Overview Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the resetPasswordUrl parameter in the password reset process. An attacker can gain unauthorized access to any administrator account and bypass two-factor authentication by...

8.8CVSS6.1AI score0.0035EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the key parameter in the columnFilters array, which is directly interpolated into SQL queries with manual backtick wrapping. An attacker can extract sensitive database information, including password hashes, by injecti...

7.7CVSS6.1AI score0.00249EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Malicious Package

Overview @kl-starfish/test-01 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Authorization Bypass Through User-Controlled Key

Overview sylius/sylius is a platform for PHP, based on Symfony framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GET /api/v2/shop/payment-requests/hash, PUT /api/v2/shop/payment-requests/hash, and POST...

6.3CVSS6.1AI score
Exploits0References2
Total number of security vulnerabilities35565