Lucene search
+L

36119 matches found

Snyk
Snyk
•added 2026/06/26 8:51 p.m.•9 views

Allocation of Resources Without Limits or Throttling

Overview python-socketio is a Socket.IO server and client for Python Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the process that stores binary EVENT and ACK messages in memory while awaiting their binary attachments. An attacke...

8.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 8:51 p.m.•6 views

Allocation of Resources Without Limits or Throttling

Overview python-engineio is a Python implementation of the Engine.IO realtime client and server. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the heartbeat mechanism. An attacker can exhaust system resources by repeatedly triggering...

8.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 8:51 p.m.•9 views

Malicious Package

Overview semantic-router is a malicious package. in the litellminit.pth process. An attacker can gain unauthorized access to sensitive information, including environment variables, cloud credentials, SSH keys, database credentials, and other secrets, by executing malicious code during Python...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 8:48 p.m.•6 views

Allocation of Resources Without Limits or Throttling

Overview python-engineio is a Python implementation of the Engine.IO realtime client and server. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the handling of incoming messages when using ASGI with the long polling transport for POST...

8.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 8:47 p.m.•6 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:linkify-it is a Links recognition library with FULL unicode support Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to quadratic algorithmic complexity in the match function. An attacker can exhaust CPU resources and caus...

8.7CVSS6AI score0.00445EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 8:47 p.m.•6 views

Regular Expression Denial of Service (ReDoS)

Overview linkify-it is a Links recognition library with FULL unicode support Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to quadratic algorithmic complexity in the match function. An attacker can exhaust CPU resources and cause significant...

8.7CVSS6AI score0.00445EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 8:44 p.m.•7 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to improper file permission settings on the settings.json file, which stores sensitive credentials in plaintext. An attacker can gain unauthorized access to confidential platform...

6.8CVSS6AI score
Exploits0References3
Snyk
Snyk
•added 2026/06/26 8:41 p.m.•6 views

Access Control Bypass

Overview nono-py is a Python bindings for nono capability-based sandboxing Affected versions of this package are vulnerable to Access Control Bypass due to the policy JSON accepting unknown security-sensitive fields and the failure to automatically enforce CapabilitySet.proxyonly when resolving a...

5.2CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 8:39 p.m.•5 views

Insecure Default Initialization of Resource

Overview nono-py is a Python bindings for nono capability-based sandboxing Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to improper enforcement of access restrictions in the proxy process. An attacker can gain unauthorized network access by...

5.2CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 8:34 p.m.•5 views

Debug Messages Revealing Unnecessary Information

Overview @mcptoolshop/backpropagate is a Deprecated npm distribution shim for backpropagate — prints install guidance for pipx/uv tool/pip. See https://github.com/mcp-tool-shop-org/backpropagate Affected versions of this package are vulnerable to Debug Messages Revealing Unnecessary Information i...

9.8CVSS6AI score0.00324EPSS
Exploits0References4
Snyk
Snyk
•added 2026/06/26 8:34 p.m.•5 views

Debug Messages Revealing Unnecessary Information

Overview backpropagate is a Production-ready headless LLM fine-tuning with smart defaults, Windows support, and modular architecture Affected versions of this package are vulnerable to Debug Messages Revealing Unnecessary Information in the authentication process. An attacker can gain unauthorize...

9.8CVSS6AI score0.00324EPSS
Exploits0References4
Snyk
Snyk
•added 2026/06/26 8:33 p.m.•8 views

Protection Mechanism Failure

Overview nono-py is a Python bindings for nono capability-based sandboxing Affected versions of this package are vulnerable to Protection Mechanism Failure in the sandboxedexec process when running on Linux kernels lacking Landlock network support. An attacker can access sensitive network resourc...

6.4CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 8:30 p.m.•4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the GetPolicyByIDQueries process. An attacker can access policy data belonging to other teams by sending requests to the global policy read endpoint with valid credentials for any team, thereby bypassing...

5.3CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 8:30 p.m.•2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the GetPolicyByIDQueries process. An attacker can access policy data belonging to other teams by sending requests to the global policy read endpoint with valid credentials for any team, thereby bypassing...

5.3CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 8:13 p.m.•18 views

Exposed Dangerous Method or Function

Overview nx is a The core Nx plugin contains the core functionality of Nx like the project graph, nx commands and task orchestration. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the local HTTP server's permissive CORS policy, which sends...

6CVSS6.1AI score0.00812EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:47 p.m.•9 views

Arbitrary Argument Injection

Overview @cyclonedx/cdxgen is a Creates CycloneDX Software Bill of Materials SBOM from source or container image Affected versions of this package are vulnerable to Arbitrary Argument Injection via the Maven project scanning process. An attacker can execute arbitrary shell commands by submitting ...

7.2CVSS6.2AI score
Exploits0References3
Snyk
Snyk
•added 2026/06/26 7:26 p.m.•6 views

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict via the downloadImage process. An attacker can execute arbitrary scripts in the context of the application by tricking a user into visiting a crafted link that proxies malicious content through the image proxy...

8.2CVSS7.4AI score0.00251EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/26 7:20 p.m.•3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to incorrect path string matching in the limit container paths process. An attacker can bypass intended directory restrictions by placing containers in sibling directories with similar names, allowing unauthorize...

4.8CVSS6.5AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:13 p.m.•5 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the imageDownload process. An attacker can overwrite arbitrary files on the host system and potentially execute arbitrary commands as root by supplying a crafted Incus-Image-Hash header containing directory...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:13 p.m.•6 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the imageDownload process. An attacker can overwrite arbitrary files on the host system and potentially execute arbitrary commands as root by supplying a crafted Incus-Image-Hash header containing directory...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:13 p.m.•4 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the imageDownload process. An attacker can overwrite arbitrary files on the host system and potentially execute arbitrary commands as root by supplying a crafted Incus-Image-Hash header containing directory...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:13 p.m.•6 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the imageDownload process. An attacker can overwrite arbitrary files on the host system and potentially execute arbitrary commands as root by supplying a crafted Incus-Image-Hash header containing directory...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:13 p.m.•5 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the imageDownload process. An attacker can overwrite arbitrary files on the host system and potentially execute arbitrary commands as root by supplying a crafted Incus-Image-Hash header containing directory...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:13 p.m.•6 views

Improper Input Validation

Overview github.com/lxc/incus/v6/shared/validate is a None Affected versions of this package are vulnerable to Improper Input Validation. via the imageDownload process. An attacker can overwrite arbitrary files on the host system and potentially execute arbitrary commands as root by supplying a...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:11 p.m.•4 views

Improper Verification of Cryptographic Signature

Overview @sigstore/core is a Base library for Sigstore Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the preAuthEncoding function. An attacker can bypass type-binding guarantees by substituting characters in payloadType with Unicode varian...

5.4CVSS6AI score0.00264EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:7 p.m.•4 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateCustomVolumeFromBackup process. An attacker can cause the incusd daemon to crash by uploading a crafted backup tarball with a volumesnapshots.expiresat field omitted, leading to a nil pointer...

5.3CVSS5.8AI score0.00025EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:7 p.m.•6 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateCustomVolumeFromBackup process. An attacker can cause the incusd daemon to crash by uploading a crafted backup tarball with a volumesnapshots.expiresat field omitted, leading to a nil pointer...

5.3CVSS5.8AI score0.00025EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:7 p.m.•4 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateCustomVolumeFromBackup process. An attacker can cause the incusd daemon to crash by uploading a crafted backup tarball with a volumesnapshots.expiresat field omitted, leading to a nil pointer...

5.3CVSS5.8AI score0.00025EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:3 p.m.•4 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via improper validation of the compressionalgorithm parameter. An attacker can achieve arbitrary file write and potentially execute arbitrary commands by injecting additional arguments into the compression...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:3 p.m.•7 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via improper validation of the compressionalgorithm parameter. An attacker can achieve arbitrary file write and potentially execute arbitrary commands by injecting additional arguments into the compression...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:3 p.m.•7 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via improper validation of the compressionalgorithm parameter. An attacker can achieve arbitrary file write and potentially execute arbitrary commands by injecting additional arguments into the compression...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:52 p.m.•5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the createDependentVolumesFromBackup process. An attacker can cause the daemon to crash by uploading a crafted backup tarball with a malformed dependentvolumes block containing nil or omitted sub-fields. This...

5.3CVSS5.8AI score0.00025EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:52 p.m.•5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the createDependentVolumesFromBackup process. An attacker can cause the daemon to crash by uploading a crafted backup tarball with a malformed dependentvolumes block containing nil or omitted sub-fields. This...

5.3CVSS5.8AI score0.00025EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:52 p.m.•5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the createDependentVolumesFromBackup process. An attacker can cause the daemon to crash by uploading a crafted backup tarball with a malformed dependentvolumes block containing nil or omitted sub-fields. This...

5.3CVSS5.8AI score0.00025EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:47 p.m.•4 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via unsanitized handling of the uploadId parameter in the multipart upload process. An attacker can create arbitrary files on the host system, potentially leading to arbitrary command execution, by...

9.9CVSS6AI score0.00091EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:47 p.m.•7 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via unsanitized handling of the uploadId parameter in the multipart upload process. An attacker can create arbitrary files on the host system, potentially leading to arbitrary command execution, by...

9.9CVSS6AI score0.00091EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:47 p.m.•5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via unsanitized handling of the uploadId parameter in the multipart upload process. An attacker can create arbitrary files on the host system, potentially leading to arbitrary command execution, by...

9.9CVSS6AI score0.00091EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:46 p.m.•5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via a crafted symlink in the templates directory during image import or instance backup restoration processes. An attacker can access and modify arbitrary files on the host system, potentially leadi...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:46 p.m.•6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via a crafted symlink in the templates directory during image import or instance backup restoration processes. An attacker can access and modify arbitrary files on the host system, potentially leadi...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:46 p.m.•5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via a crafted symlink in the templates directory during image import or instance backup restoration processes. An attacker can access and modify arbitrary files on the host system, potentially leadi...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:33 p.m.•5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization through the raw.lxc and raw.qemu hooks when the restricted.containers.lowlevel=block setting is ignored during instance snapshot restoration. An attacker can execute arbitrary commands with root privileges on the...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:33 p.m.•6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization through the raw.lxc and raw.qemu hooks when the restricted.containers.lowlevel=block setting is ignored during instance snapshot restoration. An attacker can execute arbitrary commands with root privileges on the...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:33 p.m.•6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization through the raw.lxc and raw.qemu hooks when the restricted.containers.lowlevel=block setting is ignored during instance snapshot restoration. An attacker can execute arbitrary commands with root privileges on the...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:32 p.m.•5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the record-output process. An attacker can create or overwrite files on the host system by exploiting a crafted symlink in a container image, which can lead to arbitrary command execution...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:32 p.m.•6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the record-output process. An attacker can create or overwrite files on the host system by exploiting a crafted symlink in a container image, which can lead to arbitrary command execution...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:32 p.m.•4 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the record-output process. An attacker can create or overwrite files on the host system by exploiting a crafted symlink in a container image, which can lead to arbitrary command execution...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:31 p.m.•6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the rootfs symlink during image extraction. An attacker can gain unauthorized access to sensitive files and perform arbitrary file creation or modification on the host by importing a special...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:31 p.m.•3 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the rootfs symlink during image extraction. An attacker can gain unauthorized access to sensitive files and perform arbitrary file creation or modification on the host by importing a special...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:31 p.m.•4 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the rootfs symlink during image extraction. An attacker can gain unauthorized access to sensitive files and perform arbitrary file creation or modification on the host by importing a special...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:15 p.m.•5 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the fn-git-create-hook process when a crafted app name containing shell metacharacters is pushed to a git remote. An attacker can execute arbitrary commands as the application user by embedding malicious input in t...

9CVSS6.2AI score0.00234EPSS
Exploits0References2
Total number of security vulnerabilities36119