Lucene search
+L

35936 matches found

snyk
snyk
•added 2026/06/30 5:25 p.m.•3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the pipeline.Author process. An attacker can execute unauthorized pipeline steps and exfiltrate CI secrets by setting the commit author name in a GitLab webhook payload to match an entry in the approval list,...

9.2CVSS6AI score0.00546EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 5:25 p.m.•3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the pipeline.Author process. An attacker can execute unauthorized pipeline steps and exfiltrate CI secrets by setting the commit author name in a GitLab webhook payload to match an entry in the approval list,...

9.2CVSS6AI score0.00546EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 5:25 p.m.•3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the pipeline.Author process. An attacker can execute unauthorized pipeline steps and exfiltrate CI secrets by setting the commit author name in a GitLab webhook payload to match an entry in the approval list,...

9.2CVSS6AI score0.00546EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 5:25 p.m.•5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the DeleteMultipleObjectsHandler process. An attacker can delete arbitrary objects in other tenants' buckets by supplying object keys containing ../ sequences in the DeleteObjects XML request body. This is possib...

8.1CVSS6.5AI score0.00766EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 5:25 p.m.•3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the LookupOrg handler in the /api/orgs/lookup endpoint when unauthenticated requests are made. An attacker can cause repeated NULL pointer dereferences, resulting in excessive log entries and increased disk...

6.9CVSS6AI score0.00362EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 5:25 p.m.•3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the LookupOrg handler in the /api/orgs/lookup endpoint when unauthenticated requests are made. An attacker can cause repeated NULL pointer dereferences, resulting in excessive log entries and increased disk...

6.9CVSS6AI score0.00362EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 5:25 p.m.•12 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the LookupOrg handler in the /api/orgs/lookup endpoint when unauthenticated requests are made. An attacker can cause repeated NULL pointer dereferences, resulting in excessive log entries and increased disk...

6.9CVSS6AI score0.00362EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 5:25 p.m.•3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the LookupOrg handler in the /api/orgs/lookup endpoint when unauthenticated requests are made. An attacker can cause repeated NULL pointer dereferences, resulting in excessive log entries and increased disk...

6.9CVSS6AI score0.00362EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 5:25 p.m.•4 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the LookupOrg handler in the /api/orgs/lookup endpoint when unauthenticated requests are made. An attacker can cause repeated NULL pointer dereferences, resulting in excessive log entries and increased disk...

6.9CVSS6AI score0.00362EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 5:25 p.m.•4 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the LookupOrg handler in the /api/orgs/lookup endpoint when unauthenticated requests are made. An attacker can cause repeated NULL pointer dereferences, resulting in excessive log entries and increased disk...

6.9CVSS6AI score0.00362EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 5:25 p.m.•3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the LookupOrg handler in the /api/orgs/lookup endpoint when unauthenticated requests are made. An attacker can cause repeated NULL pointer dereferences, resulting in excessive log entries and increased disk...

6.9CVSS6AI score0.00362EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 5:25 p.m.•3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the LookupOrg handler in the /api/orgs/lookup endpoint when unauthenticated requests are made. An attacker can cause repeated NULL pointer dereferences, resulting in excessive log entries and increased disk...

6.9CVSS6AI score0.00362EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 4:44 p.m.•6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through improper handling of URL query parameters in the Checkout process. An attacker can override administrator-defined server provisioning parameters by injecting arbitrary key-value...

8.5CVSS5.9AI score
Exploits0References3
snyk
snyk
•added 2026/06/30 3:59 p.m.•11 views

Malicious Package

Overview chai-as-persisted is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
•added 2026/06/30 3:56 p.m.•4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the parsing process. An attacker can cause process termination by submitting a crafted OpenAPI document containing circular schema references. Remediation Upgrade Microsoft.OpenApi to version 2.7.5, 3.5.4 or...

8.7CVSS6AI score0.00695EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 3:56 p.m.•10 views

Malicious Package

Overview chai-as-assured is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
•added 2026/06/30 3:54 p.m.•6 views

Malicious Package

Overview brock-react-alerts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
•added 2026/06/30 3:54 p.m.•8 views

Malicious Package

Overview rebrandly-domains-digger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
•added 2026/06/30 3:54 p.m.•8 views

Malicious Package

Overview brock-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
•added 2026/06/30 3:54 p.m.•8 views

Malicious Package

Overview rebrandly-domains-search-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
•added 2026/06/30 3:54 p.m.•10 views

Malicious Package

Overview quoting is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
•added 2026/06/30 3:28 p.m.•5 views

Unsafe Dependency Resolution

Overview llamafactory is an Easy-to-use LLM fine-tuning framework Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the model path parameter in the WebUI Chat or Training interfaces. An attacker can execute arbitrary Python code on the server by supplying a...

9.8CVSS6.3AI score0.00497EPSS
Exploits2References2
snyk
snyk
•added 2026/06/30 3:28 p.m.•5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the Gravitino UI process. An attacker can gain unauthorized access to or modify files by exploiting improper handling of SQL statements. Remediation Upgrade org.apache.gravitino:catalog-jdbc-common to version 1.0.0 or...

8.3CVSS6AI score0.00348EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 3:27 p.m.•1 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the --listen process due to inefficient HTTP body processing using repeated string concatenation, which results in quadratic time complexity. An attacker can cause excessive CPU usage and monopolize...

7.5CVSS6AI score0.00243EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 3:27 p.m.•7 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack via the Assertion Consumer Service ACS process. An attacker can gain unauthorized access by replaying previously captured SAML assertions during authentication. Remediation Upgrade...

9.5CVSS6AI score0.00291EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 3:27 p.m.•9 views

Incorrect Behavior Order

Overview @fastify/express is an Express compatibility layer for Fastify Affected versions of this package are vulnerable to Incorrect Behavior Order due to incorrect mount path prefix rewriting in the use middleware handling. An attacker can reach protected routes without the intended middleware ...

9.1CVSS6AI score0.00295EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 3:13 p.m.•13 views

Malicious Package

Overview nbmolviz-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
•added 2026/06/30 3:13 p.m.•11 views

Malicious Package

Overview setup-cicd is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
•added 2026/06/30 3:13 p.m.•7 views

Malicious Package

Overview postcss-property-rollup is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
•added 2026/06/30 3:13 p.m.•12 views

Malicious Package

Overview agent-starter-pack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
•added 2026/06/30 3:13 p.m.•8 views

Malicious Package

Overview confluent-kafka-javascript is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
•added 2026/06/30 3:13 p.m.•10 views

Malicious Package

Overview livekit-agents is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
•added 2026/06/30 2:10 p.m.•6 views

Malicious Package

Overview rs-biginteger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
•added 2026/06/30 2:10 p.m.•7 views

Malicious Package

Overview ts-lint-builders-v2.1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
•added 2026/06/30 2:10 p.m.•12 views

Malicious Package

Overview ts-linting-builder is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
•added 2026/06/30 12:25 p.m.•5 views

Improper Authorization

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Improper Authorization due to improper access control in the Web Console process. An attacker can gain unauthorized administrative privileges by accessi...

8.6CVSS5.8AI score0.0051EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 12:25 p.m.•5 views

Incorrect Calculation of Buffer Size

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via the STOMP protocol when a remote unauthenticated peer sends a negative content-length value. An attacker can...

7.5CVSS6AI score0.00844EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 12:25 p.m.•6 views

Incorrect Calculation of Buffer Size

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via the STOMP protocol when a remote unauthenticated peer sends a negative content-length value. An attacker c...

7.5CVSS6AI score0.00844EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 12:25 p.m.•4 views

Incorrect Calculation of Buffer Size

Overview Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via the STOMP protocol when a remote unauthenticated peer sends a negative content-length value. An attacker can exhaust system resources or force abnormal connection closure by continuously streamin...

7.5CVSS6AI score0.00844EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 12:25 p.m.•6 views

External Control of System or Configuration Setting

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to External Control of System or Configuration Setting in the LdapNetworkConnector process. An attacker can instantiat...

7.6CVSS5.8AI score0.00659EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 12:25 p.m.•5 views

External Control of System or Configuration Setting

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to External Control of System or Configuration Setting in the LdapNetworkConnector process. An attacker can instantiate unauthorized transports and...

7.6CVSS5.8AI score0.00659EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 12:25 p.m.•5 views

External Control of System or Configuration Setting

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to External Control of System or Configuration Setting in the LdapNetworkConnector process. An attacker can instantiate unauthorized transports and trigger...

7.6CVSS5.8AI score0.00659EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 12:24 p.m.•6 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:activemq-client is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the WireFormatInfo negotiation process. An attacker can cause the...

8.7CVSS5.8AI score0.00796EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 12:24 p.m.•6 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the WireFormatInfo negotiation process. An attacker can cause the broker to allocate excessive memo...

8.7CVSS5.8AI score0.00796EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 12:24 p.m.•7 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the WireFormatInfo negotiation process. An attacker can cause the broker to allocate excessive memory an...

8.7CVSS5.8AI score0.00796EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 12:24 p.m.•5 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the unmarshalling process of OpenWire message property maps without proper size validation. An...

7.5CVSS5.8AI score0.00796EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 12:24 p.m.•5 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the unmarshalling process of OpenWire message property maps without proper size validation. An attacker...

7.5CVSS5.8AI score0.00796EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 12:24 p.m.•5 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the unmarshalling process of OpenWire message property maps without...

7.5CVSS5.8AI score0.00796EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 12:24 p.m.•6 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:activemq-client is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the unmarshalling process of OpenWire message property maps without...

7.5CVSS5.8AI score0.00796EPSS
Exploits0References2
snyk
snyk
•added 2026/06/30 12:24 p.m.•6 views

Missing Authorization

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Missing Authorization in the process that manages temporary destinations. An attacker can gain unauthorized access ...

8.2CVSS5.8AI score0.00589EPSS
Exploits0References2
Total number of security vulnerabilities35936