Lucene search
+L

36144 matches found

Snyk
Snyk
•added 2026/06/26 7:7 p.m.•6 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateCustomVolumeFromBackup process. An attacker can cause the incusd daemon to crash by uploading a crafted backup tarball with a volumesnapshots.expiresat field omitted, leading to a nil pointer...

5.3CVSS5.8AI score0.00025EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:7 p.m.•4 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateCustomVolumeFromBackup process. An attacker can cause the incusd daemon to crash by uploading a crafted backup tarball with a volumesnapshots.expiresat field omitted, leading to a nil pointer...

5.3CVSS5.8AI score0.00025EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:3 p.m.•4 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via improper validation of the compressionalgorithm parameter. An attacker can achieve arbitrary file write and potentially execute arbitrary commands by injecting additional arguments into the compression...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:3 p.m.•7 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via improper validation of the compressionalgorithm parameter. An attacker can achieve arbitrary file write and potentially execute arbitrary commands by injecting additional arguments into the compression...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 7:3 p.m.•7 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via improper validation of the compressionalgorithm parameter. An attacker can achieve arbitrary file write and potentially execute arbitrary commands by injecting additional arguments into the compression...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:52 p.m.•5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the createDependentVolumesFromBackup process. An attacker can cause the daemon to crash by uploading a crafted backup tarball with a malformed dependentvolumes block containing nil or omitted sub-fields. This...

5.3CVSS5.8AI score0.00025EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:52 p.m.•5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the createDependentVolumesFromBackup process. An attacker can cause the daemon to crash by uploading a crafted backup tarball with a malformed dependentvolumes block containing nil or omitted sub-fields. This...

5.3CVSS5.8AI score0.00025EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:52 p.m.•5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the createDependentVolumesFromBackup process. An attacker can cause the daemon to crash by uploading a crafted backup tarball with a malformed dependentvolumes block containing nil or omitted sub-fields. This...

5.3CVSS5.8AI score0.00025EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:47 p.m.•7 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via unsanitized handling of the uploadId parameter in the multipart upload process. An attacker can create arbitrary files on the host system, potentially leading to arbitrary command execution, by...

9.9CVSS6AI score0.00091EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:47 p.m.•5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via unsanitized handling of the uploadId parameter in the multipart upload process. An attacker can create arbitrary files on the host system, potentially leading to arbitrary command execution, by...

9.9CVSS6AI score0.00091EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:47 p.m.•5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via unsanitized handling of the uploadId parameter in the multipart upload process. An attacker can create arbitrary files on the host system, potentially leading to arbitrary command execution, by...

9.9CVSS6AI score0.00091EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:46 p.m.•5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via a crafted symlink in the templates directory during image import or instance backup restoration processes. An attacker can access and modify arbitrary files on the host system, potentially leadi...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:46 p.m.•6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via a crafted symlink in the templates directory during image import or instance backup restoration processes. An attacker can access and modify arbitrary files on the host system, potentially leadi...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:46 p.m.•5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via a crafted symlink in the templates directory during image import or instance backup restoration processes. An attacker can access and modify arbitrary files on the host system, potentially leadi...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:33 p.m.•5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization through the raw.lxc and raw.qemu hooks when the restricted.containers.lowlevel=block setting is ignored during instance snapshot restoration. An attacker can execute arbitrary commands with root privileges on the...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:33 p.m.•6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization through the raw.lxc and raw.qemu hooks when the restricted.containers.lowlevel=block setting is ignored during instance snapshot restoration. An attacker can execute arbitrary commands with root privileges on the...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:33 p.m.•6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization through the raw.lxc and raw.qemu hooks when the restricted.containers.lowlevel=block setting is ignored during instance snapshot restoration. An attacker can execute arbitrary commands with root privileges on the...

9.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:32 p.m.•5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the record-output process. An attacker can create or overwrite files on the host system by exploiting a crafted symlink in a container image, which can lead to arbitrary command execution...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:32 p.m.•6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the record-output process. An attacker can create or overwrite files on the host system by exploiting a crafted symlink in a container image, which can lead to arbitrary command execution...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:32 p.m.•4 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the record-output process. An attacker can create or overwrite files on the host system by exploiting a crafted symlink in a container image, which can lead to arbitrary command execution...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:31 p.m.•6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the rootfs symlink during image extraction. An attacker can gain unauthorized access to sensitive files and perform arbitrary file creation or modification on the host by importing a special...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:31 p.m.•3 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the rootfs symlink during image extraction. An attacker can gain unauthorized access to sensitive files and perform arbitrary file creation or modification on the host by importing a special...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:31 p.m.•4 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the rootfs symlink during image extraction. An attacker can gain unauthorized access to sensitive files and perform arbitrary file creation or modification on the host by importing a special...

9.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:15 p.m.•5 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the fn-git-create-hook process when a crafted app name containing shell metacharacters is pushed to a git remote. An attacker can execute arbitrary commands as the application user by embedding malicious input in t...

9CVSS6.2AI score0.00234EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:15 p.m.•4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the cron process in the app.json file. An attacker can execute arbitrary commands on the host system by injecting special shell characters into the cron command. Remediation Upgrade...

9.9CVSS6.2AI score0.00274EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:15 p.m.•5 views

Missing Authorization

Overview pagekit/pagekit is a modular and lightweight CMS built with Symfony components and Vue.js. Affected versions of this package are vulnerable to Missing Authorization due to missing authorization checks in the saveAction function of UserApiController. An attacker can gain elevated privileg...

8.8CVSS6.1AI score0.00479EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:15 p.m.•9 views

Brute Force

Overview payload is a Node, React and MongoDB Headless CMS and Application Framework Affected versions of this package are vulnerable to Brute Force due to insufficient access control in the unlock process. An attacker can regain access to a locked account by exploiting the default unlock...

5.4CVSS5.8AI score0.00235EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:15 p.m.•4 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the git:from-archive and certs:add processes. An attacker can overwrite arbitrary files on the system by supplying a crafted tar or zip archive containing symlinks that are followed during extraction, potentially...

9CVSS6.1AI score0.00289EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:15 p.m.•7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the image import process. An attacker can interact with internal network infrastructure and perform error-based port scanning by supplying a crafted URL to the /images endpoint, which causes the daemo...

5.3CVSS6AI score0.0017EPSS
Exploits1References2
Snyk
Snyk
•added 2026/06/26 6:15 p.m.•7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the image import process. An attacker can interact with internal network infrastructure and perform error-based port scanning by supplying a crafted URL to the /images endpoint, which causes the daemo...

5.3CVSS6AI score0.0017EPSS
Exploits1References2
Snyk
Snyk
•added 2026/06/26 6:15 p.m.•7 views

Directory Traversal

Overview org.webjars.npm:extract-zip is an unzip a zip file into a directory using 100% javascript Affected versions of this package are vulnerable to Directory Traversal via the extraction process. An attacker can access or modify arbitrary files by crafting a malicious zip archive containing...

8.6CVSS6.6AI score0.00346EPSS
Exploits1References2
Snyk
Snyk
•added 2026/06/26 6:15 p.m.•7 views

Directory Traversal

Overview extract-zip is an unzip a zip file into a directory using 100% javascript Affected versions of this package are vulnerable to Directory Traversal via the extraction process. An attacker can access or modify arbitrary files by crafting a malicious zip archive containing symlinks that poin...

8.6CVSS6.5AI score0.00346EPSS
Exploits1References2
Snyk
Snyk
•added 2026/06/26 6:15 p.m.•5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the StaticDirectoryHandler process. An attacker can gain unauthorized access to static files by sending requests with encoded slashes %2F in the URL, which bypasses route-level access controls due to inconsistent...

8.7CVSS6.5AI score0.0043EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:15 p.m.•6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the StaticDirectoryHandler process. An attacker can gain unauthorized access to static files by sending requests with encoded slashes %2F in the URL, which bypasses route-level access controls due to inconsistent...

8.7CVSS6.5AI score0.0043EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:15 p.m.•5 views

Directory Traversal

Overview github.com/labstack/echo/v4/middleware is a middleware package for echo. Affected versions of this package are vulnerable to Directory Traversal via the StaticDirectoryHandler process. An attacker can gain unauthorized access to static files by sending requests with encoded slashes %2F i...

8.7CVSS6.5AI score0.0043EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 6:15 p.m.•6 views

Directory Traversal

Overview github.com/labstack/echo/v5/middleware is a middleware package for echo. Affected versions of this package are vulnerable to Directory Traversal via the StaticDirectoryHandler process. An attacker can gain unauthorized access to static files by sending requests with encoded slashes %2F i...

8.7CVSS6.5AI score0.0043EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 5:33 p.m.•5 views

Unverified Password Change

Overview Affected versions of this package are vulnerable to Unverified Password Change in the OAuth2 authentication module when the password is silently rewritten to the username upon OAuth2 re-login. An attacker can gain unauthorized access to user accounts by authenticating with both the...

8.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 5:32 p.m.•5 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the MSISDN authentication process. An attacker can gain unauthorized access to arbitrary user sessions by injecting crafted input into the LDAP search filter. This is only exploitable if t...

8.7CVSS5.9AI score
Exploits0References3
Snyk
Snyk
•added 2026/06/26 5:22 p.m.•6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the inopentelemetry process. An attacker can cause excessive memory consumption by sending a large HTTP request or a highly compressed payload that decompresses to a very large...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 5:16 p.m.•8 views

Arbitrary Code Injection

Overview Genshi is an A toolkit for generation of output for the web Affected versions of this package are vulnerable to Arbitrary Code Injection via the expression evaluation process. An attacker can execute arbitrary code on the server by submitting specially crafted template expressions...

9.8CVSS6.5AI score0.00726EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 5:16 p.m.•5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the devLXDInstancePatchHandler component. An attacker can mount, read, and overwrite another guest's custom storage volume by sending a crafted device PATCH request over /dev/lxd when...

9.6CVSS6AI score0.00209EPSS
Exploits1References2
Snyk
Snyk
•added 2026/06/26 5:14 p.m.•9 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the snapshot restoration process. An attacker can gain unauthorized root access on the host by importing a specially crafted instance backup containing restricted configuration keys within a snapshot, which ar...

7.2CVSS6AI score0.00342EPSS
Exploits1References2
Snyk
Snyk
•added 2026/06/26 5:14 p.m.•5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the snapshot restoration process. An attacker can gain unauthorized root access on the host by importing a specially crafted instance backup containing restricted configuration keys within a snapshot, which ar...

7.2CVSS6AI score0.00342EPSS
Exploits1References2
Snyk
Snyk
•added 2026/06/26 5:14 p.m.•5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the snapshot restoration process. An attacker can gain unauthorized root access on the host by importing a specially crafted instance backup containing restricted configuration keys within a snapshot, which ar...

7.2CVSS6AI score0.00342EPSS
Exploits1References2
Snyk
Snyk
•added 2026/06/26 5:14 p.m.•5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateCustomVolumeFromBackup process. An attacker can cause the application to crash by submitting a specially crafted backup tarball that omits the expiresat snapshot field. This is only exploitable if t...

8.7CVSS6AI score0.00389EPSS
Exploits1References2
Snyk
Snyk
•added 2026/06/26 5:14 p.m.•5 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free via the model quantization engine. An attacker can access and extract sensitive data from the server's heap memory by sending unauthenticated remote requests. Remediation There is no fixed version for...

8.8CVSS6.7AI score0.00551EPSS
Exploits1References2
Snyk
Snyk
•added 2026/06/26 5:2 p.m.•5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the ins3 process. An attacker can cause excessive memory consumption by uploading a highly compressed file that decompresses to a large size, leading to resource exhaustion and...

5.1CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 4:36 p.m.•6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the outhttp process when untrusted user input is used in the endpoint configuration parameter. An attacker can cause the system to send HTTP requests to arbitrary internal services by manipulating...

7.2CVSS5.9AI score0.00442EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 4:35 p.m.•6 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the inhttp and inforward plugins when decompressing gzip-compressed data. An attacker can cause excessive memory consumption by sending a highly compressed payload that...

8.7CVSS5.8AI score0.0062EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/26 4:32 p.m.•6 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the inmonitoragent process. An attacker can access sensitive internal instance variables, including credentials, by sending HTTP requests to the Monitor Agent API endpoints. The impact...

8.7CVSS5.8AI score0.00474EPSS
Exploits0References2
Total number of security vulnerabilities36144