Lucene search
+L

35936 matches found

snyk
snyk
added 2026/07/01 6:18 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview github.com/elastic/fleet-server/internal/pkg/api is a control server to manage a fleet of elastic-agents. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the upload endpoint. An attacker can exhaust system memory by submitting...

7.5CVSS6AI score0.00312EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 6:18 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview github.com/elastic/fleet-server/v7/internal/pkg/api is a control server to manage a fleet of elastic-agents. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the upload endpoint. An attacker can exhaust system memory by submitti...

7.5CVSS6AI score0.00312EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 6:18 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the upload endpoint. An attacker can exhaust system memory by submitting specially crafted requests, potentially causing the service to become unavailable. Remediation Upgrade...

7.5CVSS6AI score0.00312EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 6:18 p.m.3 views

Uncontrolled Recursion

Overview org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Uncontrolled Recursion in the query processing. An authenticated attacker can submit a specially crafted query that causes excessive resource consumption during...

7.1CVSS6AI score0.00347EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 6:18 p.m.7 views

Deserialization of Untrusted Data

Overview ray is an A system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the readwebdataset function. An attacker can execute arbitrary code on remote workers by supplying a specially...

8.8CVSS6.4AI score0.00493EPSS
Exploits1References2
snyk
snyk
added 2026/07/01 6:17 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Fleet policy input. An attacker can cause the Fleet agent, server, an...

7.1CVSS6AI score0.00281EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 6:16 p.m.5 views

Server-side Request Forgery (SSRF)

Overview auth-fetch-mcp is a MCP server that lets AI read Notion, Google Docs, Jira & any login-protected page via a real browser Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isPrivateV6 function, which fails to properly detect IPv4-mapped IPv6...

7.4CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 6:14 p.m.3 views

Server-side Request Forgery (SSRF)

Overview @jshookmcp/jshook is a MCP server with built-in tools across multiple domains for AI-assisted JavaScript analysis and security analysis — browser automation, CDP debugging, network monitoring, JS hooks, code analysis, and workflow orchestration Affected versions of this package are...

5.3CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 5:57 p.m.5 views

Missing Authorization

Overview org.geonetwork-opensource:gn-services is a GeoNetwork Services. Affected versions of this package are vulnerable to Missing Authorization due to the omission of the query field in the request body, which causes the access-control filter-injection process to be skipped. An attacker can...

8.7CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 4:19 p.m.8 views

Deserialization of Untrusted Data

Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process. An attacker can execute arbitrary code, escalate privileges, tamper with dat...

8.5CVSS6.1AI score0.00165EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 4:19 p.m.7 views

Deserialization of Untrusted Data

Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the deserialization process. An attacker can execute arbitrary code, escalate privileges, tamper with data...

8.5CVSS6.1AI score0.00154EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 4:19 p.m.6 views

Deserialization of Untrusted Data

Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the deserialization process. An attacker can execute arbitrary code, escalate privileges, tamper with data...

8.5CVSS6.1AI score0.00175EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 4:19 p.m.7 views

Server-side Request Forgery (SSRF)

Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request process. An attacker can access internal resources and potentially disclose sensitive...

8.5CVSS5.9AI score0.00148EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 4:19 p.m.8 views

Deserialization of Untrusted Data

Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the process responsible for dynamically managing code resources. An attacker can execute arbitrary code,...

8.5CVSS6.2AI score0.00155EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 4:19 p.m.4 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview nvidia-pytriton is a PyTriton - Flask/FastAPI-like interface to simplify Triton's deployment in Python environments. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the improper handling of highly compressed data. An...

8.7CVSS6AI score0.00774EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 4:19 p.m.6 views

Deserialization of Untrusted Data

Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process. An attacker can execute arbitrary code, escalate privileges, tamper with dat...

8.5CVSS6.1AI score0.00169EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 4:19 p.m.15 views

Deserialization of Untrusted Data

Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process. An attacker can execute arbitrary code, escalate privileges, tamper with dat...

8.5CVSS6.1AI score0.00154EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 4:19 p.m.6 views

Use After Free

Overview nvidia-pytriton is a PyTriton - Flask/FastAPI-like interface to simplify Triton's deployment in Python environments. Affected versions of this package are vulnerable to Use After Free via the process handling memory management. An attacker can cause the application to crash or become...

8.2CVSS6AI score0.00717EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 4:19 p.m.6 views

Arbitrary Code Injection

Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Arbitrary Code Injection in the code generation process. An attacker can execute arbitrary code, escalate privileges, tamper with data, and...

8.5CVSS6.2AI score0.00175EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 4:19 p.m.9 views

Arbitrary Code Injection

Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Arbitrary Code Injection via the deserialization process. An attacker can execute arbitrary code, escalate privileges, tamper with data, and...

8.5CVSS6.1AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 4:19 p.m.8 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' in the process responsible for dynamically managing code...

8.5CVSS6AI score0.00169EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 4:19 p.m.7 views

Deserialization of Untrusted Data

Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Deserialization of Untrusted Data via improper validation of allowed inputs. An attacker can execute arbitrary code, escalate privileges, tampe...

8.5CVSS6.1AI score0.00155EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 3:34 p.m.5 views

Improper Input Validation

Overview pretix is a Reinventing presales, one ticket at a time Affected versions of this package are vulnerable to Improper Input Validation via improper validation of session parameters in the payment integration plugins and the use of shared cryptographic keys and salts across unrelated...

9.9CVSS6AI score0.00239EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 2:34 p.m.3 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through a race condition in the process. An attacker can execute arbitrary code, escalate privileges, and tamper with data by exploiting the timing window between security checks and use o...

8.5CVSS6.3AI score0.00489EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 2:23 p.m.8 views

Relative Path Traversal

Overview clearml is a ClearML - Auto-Magical Experiment Manager, Version Control, and MLOps for AI Affected versions of this package are vulnerable to Relative Path Traversal via the StorageManager.extracttocache process. An attacker can write arbitrary files to the filesystem by uploading a...

4.8CVSS6.7AI score0.00357EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 1:19 p.m.8 views

Uncaught Exception

Overview @fastify/middie is a Middleware engine for Fastify Affected versions of this package are vulnerable to Uncaught Exception in the URL normalization process when handling malformed percent-encoded sequences in incoming request paths. An attacker can cause the Node.js process to terminate...

8.7CVSS6AI score0.00291EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 1:18 p.m.7 views

Interpretation Conflict

Overview @fastify/middie is a Middleware engine for Fastify Affected versions of this package are vulnerable to Interpretation Conflict via the path parameter handling process. An attacker can gain unauthorized access to protected route handlers by sending a crafted URL containing an encoded slas...

9.3CVSS6AI score0.00299EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 12:29 p.m.4 views

Authorization Bypass Through User-Controlled Key

Amendment This was deemed not a vulnerability. Overview foreman is a complete lifecycle management tool for physical and virtual servers. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper validation of nested request parameters in th...

5.3CVSS6AI score0.00231EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 12:28 p.m.6 views

Incorrect Privilege Assignment

Amendment This was deemed not a vulnerability. Overview foreman is a complete lifecycle management tool for physical and virtual servers. Affected versions of this package are vulnerable to Incorrect Privilege Assignment via manipulation of the Usergroup process. An attacker can gain...

8.8CVSS6AI score0.00297EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 6:11 a.m.12 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the process that handles user requests without proper validation of request origin. An attacker can perform unauthorized actions on behalf of authenticated users by tricking them into submitting...

8.3CVSS6AI score0.00088EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 6:9 a.m.7 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper handling of user-supplied input in the map format. An attacker can execute arbitrary JavaScript code in the context of users viewing affected pages by injecting malicious payloads. Details Cross-sit...

8.3CVSS5.8AI score0.00134EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 5:45 a.m.4 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the SceneCombiner::Copy function when processing a specially crafted model file. An attacker can cause the application to crash or access sensitive information by supplying a malicious file and convincing a user o...

6.1CVSS6.1AI score0.00123EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:20 p.m.7 views

Incomplete List of Disallowed Inputs

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the reduce method during deserialization. An attacker can execute arbitrary operating system commands ...

7.6CVSS6.2AI score0.00552EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:20 p.m.9 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the cProfile.run function during pickle deserialization. An attacker can execute arbitrary code by...

8.1CVSS6.1AI score0.00585EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:20 p.m.9 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the torch.utils.collectenv.run function in reduce methods. An attacker can execute arbitrary remote...

8.1CVSS6.2AI score0.00395EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:20 p.m.5 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the trace.Trace.run process. An attacker can execute arbitrary code by crafting a malicious pickle file th...

8.1CVSS6.1AI score0.00562EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:20 p.m.5 views

Protection Mechanism Failure

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Protection Mechanism Failure via the trace.Trace.runctx function. An attacker can execute arbitrary code by crafting a malicious pickle file th...

8.1CVSS6.5AI score0.00637EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:20 p.m.5 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the doctest.debugscript function. An attacker can execute arbitrary commands by crafting malicious pickle...

8.1CVSS6AI score0.00769EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:20 p.m.7 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the run function in the profile.Profile class when used in pickle reduce methods. An attacker can execute...

8.1CVSS6.1AI score0.00638EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:20 p.m.6 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the code.InteractiveInterpreter process in reduce methods. An attacker can execute arbitrary code by...

8.1CVSS6.1AI score0.00499EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:20 p.m.9 views

Uncontrolled Search Path Element

Overview app-builder-bin is an app-builder precompiled binaries Affected versions of this package are vulnerable to Uncontrolled Search Path Element through the execWine/executeAppBuilder command path in builder-util and app-builder-lib on non-Windows systems. An attacker can execute...

7.8CVSS6.3AI score0.00129EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:20 p.m.9 views

Uncontrolled Search Path Element

Overview app-builder-lib is an electron-builder lib Affected versions of this package are vulnerable to Uncontrolled Search Path Element through the execWine/executeAppBuilder command path in builder-util and app-builder-lib on non-Windows systems. An attacker can execute attacker-controlled...

7.8CVSS6.3AI score0.00129EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:19 p.m.11 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the HttpExecutor.prepareRedirectUrlOptions process. An attacker can obtain sensitive credentials, such as GitLab's PRIVATE-TOKEN or mixed-case Authorization headers, by leveraging a...

8.2CVSS6AI score0.00235EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:19 p.m.9 views

Heap-based Buffer Overflow

Overview json is a JSON implementation as a Ruby extension in C. Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the JSON.dump or JSON::Stategenerate process when streaming oversized attacker-controlled strings to an IO object. An attacker can cause a process...

6.3CVSS5.8AI score0.00301EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:18 p.m.7 views

Cross-site Scripting (XSS)

Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ChatTrigger template rendering in ChatTrigger/templates.ts. An authenticated user who can create or edit workflows can inject malicious JavaScript by supplying crafted Custo...

5.4CVSS5.7AI score0.00177EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.3 views

Directory Traversal

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.3 views

Directory Traversal

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.3 views

Directory Traversal

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.3 views

Directory Traversal

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.3 views

Directory Traversal

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
Total number of security vulnerabilities35936