Lucene search
+L

35936 matches found

snyk
snyk
added 2026/06/30 11:16 p.m.4 views

Directory Traversal

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.5 views

Directory Traversal

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.3 views

Directory Traversal

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.6 views

Directory Traversal

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.2 views

Directory Traversal

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.4 views

Directory Traversal

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.4 views

Directory Traversal

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.3 views

Directory Traversal

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.3 views

Directory Traversal

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.3 views

Directory Traversal

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.3 views

Directory Traversal

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.4 views

Directory Traversal

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.3 views

Directory Traversal

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via incorrect validation of file paths in the security policy.relevant. An attacker can create or truncate files outside of intended directories by bypassing configured path restrictions. Details A Directory Traversa...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.5 views

Improper Privilege Management

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Improper Privilege Management in the updatePermissions process. An attacker can gain unauthorized administrative privileges by assigning high-value...

8.8CVSS5.8AI score0.00325EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.6 views

Improper Privilege Management

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Improper Privilege Management in the updatePermissions process. An attacker can gain unauthorized administrative privileges by assigning high-value...

8.8CVSS5.8AI score0.00325EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:16 p.m.4 views

Incomplete List of Disallowed Inputs

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs for the Python Code node when the Python Task Runner is enabled. A user with permission to create or modify workflows can evade the validator and reach the task...

5.3CVSS6.1AI score0.00245EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 10:56 p.m.4 views

Deserialization of Untrusted Data

Overview com.mchange:c3p0 is a mature, highly concurrent JDBC Connection pooling library, with support for caching and reuse of PreparedStatements. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the deserialization process. An attacker can execute arbitra...

7.5CVSS6.3AI score0.00284EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 10:20 p.m.7 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the worklist server process. An attacker can cause the server to crash by sending a specially crafted query when the server is configured with a valid Called AE Title,...

8.7CVSS5.8AI score0.00395EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 10:20 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the bit-preserving C-GET storage mode process. An attacker can write files outside the intended output directory by sending specially crafted relative ../ or absolute file paths from a malicious or compromised...

9.8CVSS6.5AI score0.00435EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 10:20 p.m.5 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via repeated crafted connection requests to the process. An attacker can cause memory to be leaked by sending multiple specially crafted requests, which may eventually exhaust system...

8.7CVSS5.8AI score0.00379EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 10:20 p.m.7 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the storescp process. An attacker can cause memory to be leaked by repeatedly sending crafted connection requests, which may result in the service being terminated and unavailable f...

8.7CVSS5.8AI score0.00379EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 10:19 p.m.7 views

Arbitrary Code Injection

Overview txtai is an All-in-one open-source AI framework for semantic search, LLM orchestration and language model workflows Affected versions of this package are vulnerable to Arbitrary Code Injection via the function parameter in the /reindex API endpoint when it is resolved through the Resolve...

9.8CVSS6.6AI score0.00725EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 7:11 p.m.5 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition through the payWithCredit process. An attacker can bypass credit balance restrictions by sending concurrent payment requests, resulting in multiple invoices being paid using the same credit balance. Remediation Upgrade...

6CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/06/30 6:40 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to path and method values taken directly from incoming requests. An attacker can exhaust server memory and trigger an OOM by sending requests with arbitrary URL paths or custom HT...

8.7CVSS6.1AI score
Exploits0References2
snyk
snyk
added 2026/06/30 6:40 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to path and method values taken directly from incoming requests. An attacker can exhaust server memory and trigger an OOM by sending requests with arbitrary URL paths or custom HT...

8.7CVSS6.1AI score
Exploits0References2
snyk
snyk
added 2026/06/30 6:36 p.m.7 views

Directory Traversal

Overview CefSharp.Common is a the CefSharp Chromium-based browser component 'Core' and common 'Element' components, needed by both WPF and WinForms. Affected versions of this package are vulnerable to Directory Traversal in FolderSchemeHandlerFactory through the URI-to-file-path resolution in...

6.9CVSS6.6AI score
Exploits0References2
snyk
snyk
added 2026/06/30 6:34 p.m.9 views

Prototype Pollution

Overview @adonisjs/bodyparser is a BodyParser middleware for AdonisJS http server to read and parse request body Affected versions of this package are vulnerable to Prototype Pollution via the BodyParserMiddleware process. An attacker can modify the Object.prototype globally by sending specially...

8.8CVSS6.3AI score0.00148EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 6:31 p.m.3 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in the saferedirect process. An attacker can redirect users to an external domain by crafting a malicious continue parameter or embedding a malicious URL in a session-transfer token, which can be interpreted by browsers as...

5.3CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/06/30 6:31 p.m.5 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in the saferedirect process. An attacker can redirect users to an external domain by crafting a malicious continue parameter or embedding a malicious URL in a session-transfer token, which can be interpreted by browsers as...

5.3CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/06/30 6:12 p.m.8 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the getEnvVarlist function and the process that merges user-supplied PodSpec fields. An attacker can access sensitive secret values and escalate privileges by creating a specially crafted MessageQueueTrigger th...

8.6CVSS6.1AI score
Exploits0References3
snyk
snyk
added 2026/06/30 6:12 p.m.7 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the getEnvVarlist function and the process that merges user-supplied PodSpec fields. An attacker can access sensitive secret values and escalate privileges by creating a specially crafted MessageQueueTrigger th...

8.6CVSS6.1AI score
Exploits0References3
snyk
snyk
added 2026/06/30 6:12 p.m.7 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the getEnvVarlist function and the process that merges user-supplied PodSpec fields. An attacker can access sensitive secret values and escalate privileges by creating a specially crafted MessageQueueTrigger th...

8.6CVSS6.1AI score
Exploits0References3
snyk
snyk
added 2026/06/30 6:10 p.m.8 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the integratedTime verification process. An attacker can bypass certificate validity checks by providing a bundle with a manipulated integrated time, potentially allowing the reuse of ...

2.4CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/06/30 6:9 p.m.6 views

Incorrect Authorization

Overview @cedar-policy/authorization-for-expressjs is a Middlewares to authorize expressJS applications with Cedar Affected versions of this package are vulnerable to Incorrect Authorization through improper matching of incoming requests using req.originalUrl. An attacker can gain unauthorized...

8.8CVSS6AI score
Exploits0References3
snyk
snyk
added 2026/06/30 6:7 p.m.5 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to improper application of privilege reduction in the process and insufficient permission restrictions on the FastCGI unix socket. An attacker can gain unauthorized access or...

8.4CVSS6AI score
Exploits0References3
snyk
snyk
added 2026/06/30 6:7 p.m.9 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to improper application of privilege reduction in the process and insufficient permission restrictions on the FastCGI unix socket. An attacker can gain unauthorized access or...

8.4CVSS6AI score
Exploits0References3
snyk
snyk
added 2026/06/30 6:7 p.m.7 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to improper application of privilege reduction in the process and insufficient permission restrictions on the FastCGI unix socket. An attacker can gain unauthorized access or...

8.4CVSS6AI score
Exploits0References3
snyk
snyk
added 2026/06/30 5:26 p.m.5 views

Improper Preservation of Permissions

Overview Affected versions of this package are vulnerable to Improper Preservation of Permissions due to improper clean-up in the legacy Project Role Template Binding reconciler. An attacker can retain unauthorized Pod Security Admission permissions by leveraging stale ClusterRoleBinding objects...

6.9CVSS6AI score0.00229EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 5:26 p.m.4 views

Improper Preservation of Permissions

Overview Affected versions of this package are vulnerable to Improper Preservation of Permissions due to improper clean-up in the legacy Project Role Template Binding reconciler. An attacker can retain unauthorized Pod Security Admission permissions by leveraging stale ClusterRoleBinding objects...

6.9CVSS6AI score0.00229EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 5:26 p.m.4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the FleetWorkspace mutating webhook admission path. An attacker can create unauthorized Kubernetes namespaces and inject arbitrary RBAC policies by submitting crafted admission payloads t...

7.1CVSS6AI score0.00232EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 5:26 p.m.6 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the ImageScan process in the GitRepo path handler. An attacker can access files outside the intended directory and potentially cause a denial of service by submitting crafted paths. Remediation Upgrade...

5.3CVSS6AI score0.00292EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 5:26 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the POST /api/n9e/datasource/list route, which lacks proper authorization checks. An attacker can obtain sensitive credentials, such as database passwords, HTTP bearer tokens, and mTLS client keys, by sending...

7.1CVSS6AI score0.00238EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 5:26 p.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the POST /api/n9e/datasource/list route, which lacks proper authorization checks. An attacker can obtain sensitive credentials, such as database passwords, HTTP bearer tokens, and mTLS client keys, by sending...

7.1CVSS6AI score0.00238EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 5:26 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the ApplyCreate function in controller/model/enrollmentmanager.go. An attacker can gain full administrative control by creating enrollments for any identity, including the default administrator, and redeeming t...

8.8CVSS6AI score0.00244EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 5:26 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the ApplyCreate function in controller/model/enrollmentmanager.go. An attacker can gain full administrative control by creating enrollments for any identity, including the default administrator, and redeeming t...

8.8CVSS6AI score0.00244EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 5:26 p.m.9 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the WebSocket upgrade request handling process. An attacker can gain unauthorized access to downstream services by sending specially crafted WebSocket upgrade requests that...

9.3CVSS6AI score0.00412EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 5:26 p.m.11 views

Missing Authorization

Overview deeptutor is an An agent-native intelligent learning companion with multi-agent collaboration and RAG Affected versions of this package are vulnerable to Missing Authorization via the allowedmcptools function in deeptutor/multiuser/toolaccess.py. An attacker can gain unauthorized access ...

8.8CVSS6AI score0.00412EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 5:25 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the writeJson process. An attacker can access sensitive information by exploiting the lack of validation on the callback parameter in JSONP responses, allowing cross-origin data retrieval through a crafted...

3.1CVSS5.7AI score0.0021EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 5:25 p.m.4 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the pipeline.Author process. An attacker can execute unauthorized pipeline steps and exfiltrate CI secrets by setting the commit author name in a GitLab webhook payload to match an entry in the approval list,...

9.2CVSS6AI score0.00546EPSS
Exploits0References2
Total number of security vulnerabilities35936