Lucene search
+L

36144 matches found

Snyk
Snyk
added 2026/06/25 11:14 p.m.7 views

Cross-site Scripting (XSS)

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the page editor process. An attacker can execute arbitrary scripts and potentially gain system access by injecting...

5.4CVSS5.9AI score0.00167EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 11:13 p.m.9 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the idlelib.pyshell.ModifiedInterpreter.runcode process. An attacker can execute arbitrary commands by...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 10:34 p.m.5 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition through the proxyCSSRewriter process. An attacker can cause the application to crash by triggering concurrent access to shared resources, resulting in a denial of service. Remediation Upgrade...

8.2CVSS5.8AI score0.00091EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the LinkCheck process due to incomplete validation of IPv6 transition mechanisms. An attacker can access internal network resources by submitting specially crafted requests that exploit the insufficie...

6.9CVSS5.8AI score0.00282EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Webhook URL handling process. An attacker can access internal network resources or sensitive endpoints by supplying a crafted URL. Remediation There is no fixed version for...

7.2CVSS5.8AI score0.00301EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.8 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the file processing mechanism. An attacker can write arbitrary files to the filesystem by exploiting a case-insensitive bypass and missing checks for HardLink/SymLink tags. Remediation There is no fixed version for...

7.1CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.8 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the file processing mechanism. An attacker can write arbitrary files to the filesystem by exploiting a case-insensitive bypass and missing checks for HardLink/SymLink tags. Remediation Upgrade...

7.1CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the PATCH process for public shares. An attacker can access or modify files outside the intended shared directory by crafting malicious requests that exploit improper path validation. Details A Directory Traversa...

9.3CVSS6.4AI score0.00446EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the dump process when handling attacker-controlled message IDs via the --http interface. An attacker can write arbitrary files to the filesystem by supplying crafted message IDs that exploit path traversal...

6CVSS6.5AI score0.00032EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.5 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the authentication process when using Basic Auth with LDAP. An attacker can bypass intended authentication controls by supplying usernames with different letter casing, potentially gaining...

6.3CVSS5.8AI score0.00308EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.16 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the authentication process when using Basic Auth with LDAP. An attacker can bypass intended authentication controls by supplying usernames with different letter casing, potentially gaining...

6.3CVSS5.8AI score0.00308EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the HTML processing component due to a missing IP-filter dialer. An attacker can access internal network resources by crafting malicious HTML content that triggers requests to private, loopback, or IM...

6.9CVSS5.8AI score0.00037EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.6 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the authentication process when using Basic Auth with LDAP. An attacker can bypass intended authentication controls by supplying usernames with different letter casing, potentially gaining...

6.3CVSS5.8AI score0.00308EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the HTML processing component due to a missing IP-filter dialer. An attacker can access internal network resources by crafting malicious HTML content that triggers requests to private, loopback, or IM...

6.9CVSS5.8AI score0.00037EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the HTML processing component due to a missing IP-filter dialer. An attacker can access internal network resources by crafting malicious HTML content that triggers requests to private, loopback, or IM...

6.9CVSS5.8AI score0.00037EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.6 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the process handling Gateway resources when the konghq.com/gatewayclass-unmanaged: 'true' annotation is missing. An attacker can access TLS secrets from other namespaces by creating or modifying Gateway resources...

6.9CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.7 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the process handling Gateway resources when the konghq.com/gatewayclass-unmanaged: 'true' annotation is missing. An attacker can access TLS secrets from other namespaces by creating or modifying Gateway resources...

6.9CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.6 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the redirect parameter. An attacker can redirect users to arbitrary external sites by crafting a malicious URL. Remediation There is no fixed version for github.com/casdoor/casdoor/object. References - Go Advisory...

6.1CVSS5.9AI score0.00324EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.7 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the authentication process when using Basic Auth with LDAP. An attacker can bypass intended authentication controls by supplying usernames with different letter casing, potentially gaining...

6.3CVSS5.8AI score0.00308EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.6 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the selector lexer process. An attacker can cause a panic and potentially disrupt service availability by providing a quoted string with a trailing backslash. Remediation There is no fixed version...

6.9CVSS5.8AI score0.00129EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.6 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the selector lexer process. An attacker can cause a panic and potentially disrupt service availability by providing a quoted string with a trailing backslash. Remediation There is no fixed version...

6.9CVSS5.8AI score0.00129EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.5 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop due to an infinite loop in the selector lexer process when handling an unterminated regex literal. An attacker can cause the application to become unresponsive by providing specially crafted input that triggers the infinit...

6.9CVSS5.8AI score0.00112EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.5 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop due to an infinite loop in the selector lexer process when handling an unterminated regex literal. An attacker can cause the application to become unresponsive by providing specially crafted input that triggers the infinit...

6.9CVSS5.8AI score0.00112EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:17 p.m.5 views

Directory Traversal

Overview pynetdicom is an A Python implementation of the DICOM networking protocol Affected versions of this package are vulnerable to Directory Traversal via the qrscp application's C-STORE handler, which uses attacker-supplied DICOM dataset values directly in os.path.join without sanitization. ...

9.1CVSS6.5AI score0.00434EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 10:7 p.m.7 views

Server-side Request Forgery (SSRF)

Overview lemur is a Certificate management and orchestration service Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the improper handling of user-supplied URLs in the acmeurl parameter, lack of access control in the certificate key-fetch process, and...

9.9CVSS5.8AI score
Exploits0References4
Snyk
Snyk
added 2026/06/25 10:5 p.m.6 views

Improper Verification of Cryptographic Signature

Overview lemur is a Certificate management and orchestration service Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the decodewithmultiplesecrets process. An attacker can influence the cryptographic algorithm used for token verification by...

6.3CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 10:2 p.m.6 views

Credential Exposure

Overview lemur is a Certificate management and orchestration service Affected versions of this package are vulnerable to Credential Exposure due to the improper handling of password updates in the update function. An attacker can obtain plaintext credentials by exfiltrating the users table,...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 10:1 p.m.6 views

Incorrect Authorization

Overview lemur is a Certificate management and orchestration service Affected versions of this package are vulnerable to Incorrect Authorization in the PUT /api/1/roles/ process. An attacker can modify role membership and rename roles by sending crafted requests to the affected endpoint while bei...

6.3CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 9:58 p.m.6 views

Server-side Request Forgery (SSRF)

Overview lemur is a Certificate management and orchestration service Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the verifystring process when extracting CRL Distribution Point and OCSP responder URLs from uploaded certificate extensions. An attacker ca...

6.3CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 9:33 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Package.Unmarshal function. An attacker can cause the server to exhaust system memory and crash by submitting a specially crafted gzip-compressed APK payload with a high...

8.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 9:33 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview github.com/sigstore/rekor/pkg/types/alpine is an immutable tamper resistant ledger of metadata generated within a software projects supply chain Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Package.Unmarshal function. An...

8.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 9:32 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the GetInstance process. An attacker can access or modify resources belonging to other users by sending requests with their own credentials after another user has initialized the singleton, causing all subsequen...

6CVSS6AI score0.00205EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 9:32 p.m.6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the GetInstance process. An attacker can access or modify resources belonging to other users by sending requests with their own credentials after another user has initialized the singleton, causing all subsequen...

6CVSS6AI score0.00205EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 9:32 p.m.9 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the GetInstance process. An attacker can access or modify resources belonging to other users by sending requests with their own credentials after another user has initialized the singleton, causing all subsequen...

6CVSS6AI score0.00205EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 9:31 p.m.7 views

Deserialization of Untrusted Data

Overview MessagePack is a MessagePackMsgPack Serializer for C.NET, .NET Core, Unity, Xamarin. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the typeless deserialization process. An attacker can instantiate disallowed or dangerous types by wrapping them...

7.5CVSS5.8AI score0.00246EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 9:29 p.m.7 views

Inefficient Algorithmic Complexity

Overview MessagePack is a MessagePackMsgPack Serializer for C.NET, .NET Core, Unity, Xamarin. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the InterfaceLookupFormatter process. An attacker can cause excessive CPU consumption by supplying specially...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 9:26 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview MessagePack is a MessagePackMsgPack Serializer for C.NET, .NET Core, Unity, Xamarin. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the deserialization process for multi-dimensional arrays. An attacker can cause excessive memor...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 9:25 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview MessagePack is a MessagePackMsgPack Serializer for C.NET, .NET Core, Unity, Xamarin. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Deserialize function. An attacker can cause excessive memory allocation or process...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 9:22 p.m.9 views

Uncontrolled Recursion

Overview MessagePack is a MessagePackMsgPack Serializer for C.NET, .NET Core, Unity, Xamarin. Affected versions of this package are vulnerable to Uncontrolled Recursion in the DynamicUnionResolver.BuildDeserialize process. An attacker can cause a process crash by providing a specially crafted uni...

7.5CVSS5.7AI score0.00231EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 9:16 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the absence of a restriction on tile sizes in the TIFF image decoding process. An attacker can cause excessive memory consumption by providing a specially crafted image file wi...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 9:16 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the absence of a restriction on tile sizes in the TIFF image decoding process. An attacker can cause excessive memory consumption by providing a specially crafted image file wi...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 9:16 p.m.6 views

Uncaught Exception

Overview golang.org/x/image/webp is a Package webp implements a decoder for WEBP images. Affected versions of this package are vulnerable to Uncaught Exception in the webp decoder when processing a VP8 chunk with dimensions that do not match the canvas size. An attacker can cause a denial of...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 9:16 p.m.6 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the webp decoder when processing a VP8 chunk with dimensions that do not match the canvas size. An attacker can cause a denial of service by supplying a crafted WebP image that triggers a panic during decoding...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 8:14 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the router process in the S3 and Iceberg REST gateways when path cleaning is disabled. An attacker can gain unauthorized access to resources in other buckets by crafting requests containing .. segments in the...

10CVSS6AI score0.00345EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/25 8:14 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the router process in the S3 and Iceberg REST gateways when path cleaning is disabled. An attacker can gain unauthorized access to resources in other buckets by crafting requests containing .. segments in the...

10CVSS6AI score0.00345EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/25 8:14 p.m.3 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the router process in the S3 and Iceberg REST gateways when path cleaning is disabled. An attacker can gain unauthorized access to resources in other buckets by crafting requests containing .. segments in the...

10CVSS6AI score0.00345EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/25 7:51 p.m.6 views

Uncontrolled Recursion

Overview MessagePack is a MessagePackMsgPack Serializer for C.NET, .NET Core, Unity, Xamarin. Affected versions of this package are vulnerable to Uncontrolled Recursion in the JSON conversion process. An attacker can cause the application to exhaust the process stack and terminate unexpectedly by...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 7:36 p.m.8 views

Inefficient Algorithmic Complexity

Overview MessagePack is a MessagePackMsgPack Serializer for C.NET, .NET Core, Unity, Xamarin. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the ExpandoObjectFormatter.Deserialize process. An attacker can cause excessive CPU consumption and memory...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 7:19 p.m.6 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the Hook Authentication process. An attacker can execute arbitrary operating system commands by injecting shell metacharacters into the username or password fields during login. Remediation Upgrade...

9.8CVSS6.2AI score0.00533EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 7:19 p.m.7 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the Hook Authentication process. An attacker can execute arbitrary operating system commands by injecting shell metacharacters into the username or password fields during login. Remediation There is no fixed versio...

9.8CVSS6.1AI score0.00533EPSS
Exploits0References2
Total number of security vulnerabilities36144