Lucene search
+L

35936 matches found

snyk
snyk
added 2026/06/30 12:24 p.m.8 views

Missing Authorization

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Missing Authorization in the process that manages temporary destinations. An attacker can gain unauthorized access to consume messages from another...

8.2CVSS5.8AI score0.00589EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 12:24 p.m.7 views

Missing Authorization

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Missing Authorization in the process that manages temporary destinations. An attacker can gain unauthorized access to consume messages from another user...

8.2CVSS5.8AI score0.00589EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 12:21 p.m.4 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the STOMP NIO codec process. An attacker can cause the broker to buffer unbounded header data,...

8.7CVSS6AI score0.00796EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 12:21 p.m.5 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value. via the STOMP NIO codec process. An attacker can cause the broker to buffer unbounded header data, leading ...

8.7CVSS6AI score0.00796EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 12:21 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the OpenWire process. An attacker can exhaust system memory...

7.5CVSS5.8AI score0.00707EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 12:21 p.m.5 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the STOMP NIO codec process. An attacker can cause the broker to buffer unbounded header data, leading to exhaustion of the JVM heap by sending header bytes that never terminate over a STO...

8.7CVSS6AI score0.00796EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 12:21 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the OpenWire process. An attacker can exhaust system memory by repeatedly sending BrokerInfo...

7.5CVSS5.8AI score0.00707EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 12:21 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the OpenWire process. An attacker can exhaust system memory by repeatedly sending BrokerInf...

7.5CVSS5.8AI score0.00707EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 12:21 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of the browse page in the web console, where message IDs are displayed without proper sanitization. An attacker can execute arbitrary HTML or JavaScript code in the browser of an administrator b...

6.1CVSS5.9AI score0.00667EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 12:21 p.m.4 views

Cross-site Scripting (XSS)

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of the browse page in the web console, where message IDs are displayed without proper sanitization. An attacke...

6.1CVSS5.9AI score0.00667EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 12:1 p.m.3 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the FuzzyMatchV2 function. An attacker can cause the application to terminate unexpectedly by supplying a specially crafted input of approximately 2.2 million bytes with a 999-byte pattern to a running...

7.5CVSS6AI score0.00243EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:49 a.m.6 views

Incorrect Privilege Assignment

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the Identity Provider mapper process. An attacker can gain unauthorized...

8.5CVSS6AI score0.00233EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:25 a.m.4 views

Inefficient Algorithmic Complexity

Overview org.webjars.npm:brace-expansion is a WebJar for brace-expansion. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the expand function. An attacker can cause excessive CPU consumption and block the event loop by supplying a specially crafted strin...

8.7CVSS6.3AI score0.00361EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:25 a.m.7 views

Inefficient Algorithmic Complexity

Overview brace-expansion is a Brace expansion as known from sh/bash Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the expand function. An attacker can cause excessive CPU consumption and block the event loop by supplying a specially crafted string...

8.7CVSS6.3AI score0.00361EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 11:8 a.m.5 views

Authorization Bypass Through User-Controlled Key

Overview @keycloakify/keycloak-admin-ui is a Repackaged Keycloak Admin UI a href="https://github.com/keycloakify/keycloak-adm Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the BruteForceUsersResource process. An attacker can access sensiti...

5.3CVSS6AI score0.00173EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 12:14 a.m.4 views

Directory Traversal

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Directory Traversal via the resourcename parameter in the load or find functions. An attacker can access arbitrary files on the system by...

8.7CVSS7.6AI score0.0051EPSS
Exploits1References2
snyk
snyk
added 2026/06/29 10:53 p.m.3 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the checkUserPassword process. An attacker can execute arbitrary queries on the backend database by injecting specially crafted input into the password field of a Graph...

8.7CVSS6.2AI score0.00484EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:53 p.m.5 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the checkUserPassword process. An attacker can execute arbitrary queries on the backend database by injecting specially crafted input into the password field of a Graph...

8.7CVSS6.2AI score0.00484EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:23 p.m.4 views

Cross-site Scripting (XSS)

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the number guess process. An attacker can execute arbitrary...

6.1CVSS6.2AI score0.02569EPSS
Exploits1References2
snyk
snyk
added 2026/06/29 10:23 p.m.5 views

Always-Incorrect Control Flow Implementation

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to incorrect control flow in the RewriteValv...

7.3CVSS5.8AI score0.00413EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:23 p.m.6 views

Always-Incorrect Control Flow Implementation

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to incorrect control flow in the RewriteValve process. An attacker can bypass intended rewrite rules by crafting...

7.3CVSS5.8AI score0.00413EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:23 p.m.5 views

Always-Incorrect Control Flow Implementation

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to incorrect control flow in the RewriteValve process. An attacker can bypass...

7.3CVSS5.8AI score0.00413EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:23 p.m.10 views

Improper Authorization

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Improper Authorization due to the improper enforcement of security constraints in the default...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:23 p.m.6 views

Always-Incorrect Control Flow Implementation

Overview org.apache.tomcat:tomcat-util is a Common code shared by multiple Tomcat components. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the incomplete logging of the effective web.xml when special roles and empty authorization...

9.1CVSS5.9AI score0.00368EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:23 p.m.7 views

Improper Authorization

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Authorization due to the improper enforcement of security constraints in the default servlet when certain HTTP methods or method omissions are configure...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:23 p.m.12 views

Improper Authorization

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authorization due to the improper enforcement of security constraints in the default servlet when certain HTTP methods or...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:23 p.m.7 views

Always-Incorrect Control Flow Implementation

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the incomplete logging of the effective web.xml when special roles and empty authorization constraints are...

9.1CVSS5.8AI score0.00368EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:23 p.m.5 views

Always-Incorrect Control Flow Implementation

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the incomplete logging of the effective...

9.1CVSS5.8AI score0.00368EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:23 p.m.4 views

Missing Critical Step in Authentication

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the JNDIRealm process when configured to authenticate binds using GSSAPI. An attacker can gain unauthorized access by...

9.3CVSS5.8AI score0.00462EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:23 p.m.5 views

Missing Critical Step in Authentication

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the JNDIRealm process when configured to...

9.3CVSS5.8AI score0.00462EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:23 p.m.5 views

Missing Critical Step in Authentication

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the JNDIRealm process when configured to authenticate binds using GSSAPI. An attacker can...

9.3CVSS5.8AI score0.00462EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:22 p.m.6 views

Improper Authentication

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Improper Authentication in the EncryptionInterceptor process of the cluster component. An...

8.8CVSS5.8AI score0.0028EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:22 p.m.34 views

Detection of Error Condition Without Action

Overview org.apache.tomcat:tomcat-util is a Common code shared by multiple Tomcat components. Affected versions of this package are vulnerable to Detection of Error Condition Without Action due to improper handling of invalid certificate revocation list CRL configurations in the FFM connector. An...

9.1CVSS5.8AI score0.00368EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:22 p.m.41 views

Detection of Error Condition Without Action

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Detection of Error Condition Without Action due to improper handling of invalid certificate revocation list CRL configurations in the FFM connector. An attacker...

9.1CVSS5.8AI score0.00368EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:22 p.m.4 views

Detection of Error Condition Without Action

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Detection of Error Condition Without Action due to improper handling of invalid certificate...

9.1CVSS5.8AI score0.00368EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:22 p.m.5 views

Improper Authentication

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authentication in the EncryptionInterceptor process of the cluster component. An attacker can gain unauthorized access or...

8.8CVSS5.8AI score0.0028EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:22 p.m.5 views

Improper Authentication

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Authentication in the EncryptionInterceptor process of the cluster component. An attacker can gain unauthorized access or perform unauthorized actions b...

8.8CVSS5.8AI score0.0028EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:21 p.m.6 views

Use of a Broken or Risky Cryptographic Algorithm

Overview @strapi/plugin-users-permissions is a headless CMS Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to improper restriction of accepted JWT algorithms in the plugin::users-permissions.jwt.algorithm configuration. An attacker can...

6.3CVSS5.8AI score0.00147EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 8:21 p.m.18 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the alloperations process. An attacker can execute arbitrary Ruby code in the application process by supplying crafted operation names in a WSDL file. Remediation Upgrade savon to version 2.17.2 or higher...

9.2CVSS6.1AI score
Exploits0References2
snyk
snyk
added 2026/06/29 8:21 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the readremotefile function. An attacker can access internal network resources or disclose arbitrary local files by supplying a crafted CSS file containing a malicious @import url... directive, which...

8.9CVSS5.9AI score
Exploits0References2
snyk
snyk
added 2026/06/29 8:21 p.m.4 views

Cross-site Scripting (XSS)

Overview secureheaders is a library that manages application of security headers with many safe defaults. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the overridecontentsecuritypolicydirectives process. An attacker can inject arbitrary Content Security Policy...

4.7CVSS5.9AI score0.00031EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 8:21 p.m.16 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the clear function. An attacker can access or manipulate memory contents from another buffer by triggering the reuse of a memory page after it has been returned to the shared pool, leading to unintended disclosure or...

8.4CVSS5.9AI score
Exploits0References2
snyk
snyk
added 2026/06/29 7:30 p.m.6 views

Server-side Request Forgery (SSRF)

Overview snowflake-cli is a Snowflake CLI Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the !source or !load directives, which allow referencing remote URLs that are fetched at runtime without sufficient restriction on the request destination. An attacke...

9.6CVSS5.9AI score0.00118EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 7:30 p.m.8 views

SQL Injection

Overview snowflake-cli is a Snowflake CLI Affected versions of this package are vulnerable to SQL Injection via improper neutralization of parameters in the secret creation and spcs service log commands. An attacker can execute unintended SQL statements by supplying crafted input to vulnerable...

8.3CVSS5.9AI score0.00188EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 7:30 p.m.3 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the api/dump and api/restore endpoints when the adminapikey is empty. An attacker can access and exfiltrate the entire database, including sensitive user records and feedback data, or...

9.8CVSS6AI score0.03016EPSS
Exploits2References2
snyk
snyk
added 2026/06/29 7:29 p.m.6 views

Authorization Bypass Through User-Controlled Key

Overview modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the PUT /api/v1/accounts/pk/password/ endpoint. An attacker can gain unauthorized access to privileged accounts by bypassing object-level access...

7.7CVSS5.8AI score0.00265EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 7:29 p.m.10 views

Use of Less Trusted Source

Overview libretranslate is a Free and Open Source Machine Translation API. Self-hosted, no limits, no ties to proprietary services. Affected versions of this package are vulnerable to Use of Less Trusted Source via the getremoteaddress function. An attacker can bypass per-IP rate limiting and flo...

6.9CVSS6.1AI score0.00192EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 7:29 p.m.6 views

Sensitive Cookie Without "HttpOnly" Flag

Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via missing HttpOnly and Secure attributes on the pinpointJwt session cookie. An attacker can access session tokens by exploiting stored or reflected cross-site scripting to exfiltrate the cookie...

7.6CVSS5.9AI score0.00126EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 7:29 p.m.7 views

Sensitive Cookie Without "HttpOnly" Flag

Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via missing HttpOnly and Secure attributes on the pinpointJwt session cookie. An attacker can access session tokens by exploiting stored or reflected cross-site scripting to exfiltrate the cookie...

7.6CVSS5.9AI score0.00126EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 7:29 p.m.6 views

Missing Authorization

Overview mythic is an Interact with Mythic C2 Framework Instances Affected versions of this package are vulnerable to Missing Authorization in the c2profileconfigcheckwebhook, c2profileredirectruleswebhook, c2profilegetiocwebhook, and c2profilesamplemessagewebhook endpoints due to missing...

6.5CVSS6AI score0.00171EPSS
Exploits0References2
Total number of security vulnerabilities35936