Lucene search
+L

36057 matches found

Snyk
Snyk
added 2026/06/29 10:22 p.m.4 views

Detection of Error Condition Without Action

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Detection of Error Condition Without Action due to improper handling of invalid certificate...

9.1CVSS5.8AI score0.00368EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 10:22 p.m.34 views

Detection of Error Condition Without Action

Overview org.apache.tomcat:tomcat-util is a Common code shared by multiple Tomcat components. Affected versions of this package are vulnerable to Detection of Error Condition Without Action due to improper handling of invalid certificate revocation list CRL configurations in the FFM connector. An...

9.1CVSS5.8AI score0.00368EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 10:22 p.m.5 views

Improper Authentication

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Authentication in the EncryptionInterceptor process of the cluster component. An attacker can gain unauthorized access or perform unauthorized actions b...

8.8CVSS5.8AI score0.0028EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 10:22 p.m.6 views

Improper Authentication

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Improper Authentication in the EncryptionInterceptor process of the cluster component. An...

8.8CVSS5.8AI score0.0028EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 10:22 p.m.41 views

Detection of Error Condition Without Action

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Detection of Error Condition Without Action due to improper handling of invalid certificate revocation list CRL configurations in the FFM connector. An attacker...

9.1CVSS5.8AI score0.00368EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 10:22 p.m.5 views

Improper Authentication

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authentication in the EncryptionInterceptor process of the cluster component. An attacker can gain unauthorized access or...

8.8CVSS5.8AI score0.0028EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 10:21 p.m.6 views

Use of a Broken or Risky Cryptographic Algorithm

Overview @strapi/plugin-users-permissions is a headless CMS Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to improper restriction of accepted JWT algorithms in the plugin::users-permissions.jwt.algorithm configuration. An attacker can...

6.3CVSS5.8AI score0.00147EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 8:21 p.m.18 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the alloperations process. An attacker can execute arbitrary Ruby code in the application process by supplying crafted operation names in a WSDL file. Remediation Upgrade savon to version 2.17.2 or higher...

9.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 8:21 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the readremotefile function. An attacker can access internal network resources or disclose arbitrary local files by supplying a crafted CSS file containing a malicious @import url... directive, which...

8.9CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 8:21 p.m.4 views

Cross-site Scripting (XSS)

Overview secureheaders is a library that manages application of security headers with many safe defaults. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the overridecontentsecuritypolicydirectives process. An attacker can inject arbitrary Content Security Policy...

4.7CVSS5.9AI score0.00031EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 8:21 p.m.16 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the clear function. An attacker can access or manipulate memory contents from another buffer by triggering the reuse of a memory page after it has been returned to the shared pool, leading to unintended disclosure or...

8.4CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:30 p.m.6 views

Server-side Request Forgery (SSRF)

Overview snowflake-cli is a Snowflake CLI Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the !source or !load directives, which allow referencing remote URLs that are fetched at runtime without sufficient restriction on the request destination. An attacke...

9.6CVSS5.9AI score0.00118EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:30 p.m.8 views

SQL Injection

Overview snowflake-cli is a Snowflake CLI Affected versions of this package are vulnerable to SQL Injection via improper neutralization of parameters in the secret creation and spcs service log commands. An attacker can execute unintended SQL statements by supplying crafted input to vulnerable...

8.3CVSS5.9AI score0.00188EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:30 p.m.3 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the api/dump and api/restore endpoints when the adminapikey is empty. An attacker can access and exfiltrate the entire database, including sensitive user records and feedback data, or...

9.8CVSS6AI score0.03016EPSS
Exploits2References2
Snyk
Snyk
added 2026/06/29 7:29 p.m.6 views

Authorization Bypass Through User-Controlled Key

Overview modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the PUT /api/v1/accounts/pk/password/ endpoint. An attacker can gain unauthorized access to privileged accounts by bypassing object-level access...

7.7CVSS5.8AI score0.00265EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:29 p.m.10 views

Use of Less Trusted Source

Overview libretranslate is a Free and Open Source Machine Translation API. Self-hosted, no limits, no ties to proprietary services. Affected versions of this package are vulnerable to Use of Less Trusted Source via the getremoteaddress function. An attacker can bypass per-IP rate limiting and flo...

6.9CVSS6.1AI score0.00192EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:29 p.m.6 views

Sensitive Cookie Without "HttpOnly" Flag

Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via missing HttpOnly and Secure attributes on the pinpointJwt session cookie. An attacker can access session tokens by exploiting stored or reflected cross-site scripting to exfiltrate the cookie...

7.6CVSS5.9AI score0.00126EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:29 p.m.7 views

Sensitive Cookie Without "HttpOnly" Flag

Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via missing HttpOnly and Secure attributes on the pinpointJwt session cookie. An attacker can access session tokens by exploiting stored or reflected cross-site scripting to exfiltrate the cookie...

7.6CVSS5.9AI score0.00126EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:29 p.m.6 views

Missing Authorization

Overview mythic is an Interact with Mythic C2 Framework Instances Affected versions of this package are vulnerable to Missing Authorization in the c2profileconfigcheckwebhook, c2profileredirectruleswebhook, c2profilegetiocwebhook, and c2profilesamplemessagewebhook endpoints due to missing...

6.5CVSS6AI score0.00171EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:29 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the PUT /api/v1/users/uid endpoint. An attacker can alter another user's profile information by sending crafted requests to endpoints associated with arbitrary user identifiers due to...

5.3CVSS6.1AI score0.0019EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:29 p.m.8 views

Incorrect Authorization

Overview mythic is an Interact with Mythic C2 Framework Instances Affected versions of this package are vulnerable to Incorrect Authorization due to a broken permission filter in the payloadbuildstep table, which uses an always-satisfied or condition that bypasses operation-scoped access controls...

7.1CVSS6AI score0.00246EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:29 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the webhook registration process. An attacker can access internal network resources by registering internal URLs and triggering alarm threshold breaches, which causes the server to issue POST requests...

8.5CVSS6AI score0.00239EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:29 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the webhook registration process. An attacker can access internal network resources by registering internal URLs and triggering alarm threshold breaches, which causes the server to issue POST requests...

8.5CVSS6AI score0.00239EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:29 p.m.7 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the OAuth callback controller process. An attacker can execute arbitrary JavaScript in authenticated users' browsers by crafting malicious OAuth callback URLs containing unsanitized error query parameters...

6.1CVSS5.9AI score0.00168EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:29 p.m.5 views

Missing Authorization

Overview com.yahoo.elide:elide-core is a library that lets you stand up a GraphQL/JSON-API web service with minimal effort. Affected versions of this package are vulnerable to Missing Authorization in the SortingImpl.getValidSortingRules process. An attacker can infer the values of restricted...

5.3CVSS5.9AI score0.00168EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:29 p.m.6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the SortingImpl.getValidSortingRules process. An attacker can infer the values of restricted fields by analyzing the order of rows returned through both JSON:API and GraphQL read paths. Remediation There is no...

5.3CVSS6AI score0.00168EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:28 p.m.3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the alert rule store process. An attacker can read, modify, or delete alert rules belonging to other organizations by supplying a target rule UUID and bypassing multi-tenant access...

6.4CVSS6AI score0.00177EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:28 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the alert rule store process. An attacker can read, modify, or delete alert rules belonging to other organizations by supplying a target rule UUID and bypassing multi-tenant access...

6.4CVSS6AI score0.00177EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:28 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the alert rule store process. An attacker can read, modify, or delete alert rules belonging to other organizations by supplying a target rule UUID and bypassing multi-tenant access...

6.4CVSS6AI score0.00177EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:28 p.m.3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the alert rule store process. An attacker can read, modify, or delete alert rules belonging to other organizations by supplying a target rule UUID and bypassing multi-tenant access...

6.4CVSS6AI score0.00177EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:28 p.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the rule ID path parameter of the alert-history endpoints. An attacker can execute arbitrary database queries and access sensitive data by injecting specially crafted input. This may also allow the attacker to perform...

8.5CVSS6.2AI score0.00235EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 5:46 p.m.5 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the token endpoint when the codeVerifierEnforced setting is disabled. An attacker can obtain access tokens without providing the required PKCE code verifier by intercepting an authorization code and redeeming i...

7.1CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 5:44 p.m.8 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the privatekeyjwt authentication process. An attacker can generate access tokens as another client by exploiting the JWKS resolver cache, without possessing the victim's signing key, if the target client has...

7.1CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 5:43 p.m.6 views

Protection Mechanism Failure

Overview Affected versions of this package are vulnerable to Protection Mechanism Failure in the server-side scripting sandbox due to insufficient protection mechanisms. An attacker can execute arbitrary operating system commands by escaping the Groovy sandbox with default class allow and deny...

7.5CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 5:33 p.m.4 views

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the process that handles SSID allowlist checks for internal network connections. An attacker can intercept sensitive information, such as access tokens and sensor data, by connecting th...

8.7CVSS5.8AI score0.00161EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 5:33 p.m.5 views

SQL Injection

Overview snowflake-cli is a Snowflake CLI Affected versions of this package are vulnerable to SQL Injection through the processing of attacker-controlled content in repository data, project configuration, manifest data, or specification input. An attacker can execute unintended SQL statements in...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 5:33 p.m.9 views

SQL Injection

Overview snowflake-cli is a Snowflake CLI Affected versions of this package are vulnerable to SQL Injection via improper neutralization of local CLI parameters in the Cortex SQL or object listing command paths. An attacker can execute unintended SQL statements within the context of the current...

8.3CVSS5.9AI score0.0013EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 5:33 p.m.5 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness due to improper privilege handling in the Project Owner role. An attacker can gain unauthorized access to host-level privileges by exploiting insufficient access control mechanisms. Remediation...

9.4CVSS6AI score0.00319EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 5:33 p.m.7 views

Directory Traversal

Overview snowflake-cli is a Snowflake CLI Affected versions of this package are vulnerable to Directory Traversal via improper restriction of file path resolution. An attacker can access and exfiltrate arbitrary local files by supplying crafted project or repository content that references files...

8.7CVSS6.5AI score0.00139EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 5:32 p.m.8 views

Arbitrary Code Injection

Overview snowflake-cli is a Snowflake CLI Affected versions of this package are vulnerable to Arbitrary Code Injection in the Snowpark annotation processor template. An attacker can execute arbitrary code by supplying crafted project content that is interpolated into generated Python code during...

9.2CVSS6.2AI score0.0037EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 5:32 p.m.5 views

Insertion of Sensitive Information into Log File

Overview snowflake-cli is a Snowflake CLI Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the debug logging process. An attacker can access sensitive credentials by obtaining read access to local log files. This is only exploitable if...

6.8CVSS5.8AI score0.00108EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:54 p.m.9 views

Malicious Package

Overview autotel-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:54 p.m.9 views

Malicious Package

Overview autotel-backends is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:53 p.m.7 views

Malicious Package

Overview @webda-infra-ui/static-images is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:53 p.m.19 views

Malicious Package

Overview @webd-infra/query-designer-domain is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:53 p.m.8 views

Malicious Package

Overview wm-mapper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:53 p.m.6 views

Malicious Package

Overview tivo-codelib-a is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:53 p.m.10 views

Malicious Package

Overview @cseo-hr/trpweb-shared is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:53 p.m.5 views

Malicious Package

Overview @contentprod-authoring/block-manager is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:53 p.m.6 views

Malicious Package

Overview sorenson-webfonts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Total number of security vulnerabilities36057