Lucene search
+L

36127 matches found

Snyk
Snyk
•added 2026/06/25 6:43 p.m.•7 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the unauthenticated router-key and mcp-init-host paths. An attacker can gain unauthorized access or bypass authentication controls by sending crafted requests to these endpoints. Remediation Upgrade...

9.3CVSS5.8AI score
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:43 p.m.•5 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade...

9.1CVSS5.8AI score0.00403EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:43 p.m.•9 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the unauthenticated router-key and mcp-init-host paths. An attacker can gain unauthorized access or bypass authentication controls by sending crafted requests to these endpoints. Remediation Upgrade...

9.3CVSS5.8AI score
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:43 p.m.•3 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade gitea.dev/routers/web/repo to versi...

9.1CVSS6AI score0.00403EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:43 p.m.•6 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade gitea.dev/services/context to versi...

9.1CVSS6AI score0.00403EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:43 p.m.•6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of SMTP DATA and /api/v1/send request bodies. An attacker can cause the application to exhaust system memory and become unresponsive by sending requests with...

8.7CVSS5.8AI score0.00099EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:43 p.m.•19 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the unauthenticated router-key and mcp-init-host paths. An attacker can gain unauthorized access or bypass authentication controls by sending crafted requests to these endpoints. Remediation Upgrade...

9.3CVSS5.8AI score
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:43 p.m.•19 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the unauthenticated router-key and mcp-init-host paths. An attacker can gain unauthorized access or bypass authentication controls by sending crafted requests to these endpoints. Remediation Upgrade...

9.3CVSS5.8AI score
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:43 p.m.•5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation There is...

9.3CVSS5.8AI score0.0026EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:43 p.m.•4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...

9.3CVSS5.8AI score0.0026EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:43 p.m.•4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...

9.3CVSS5.8AI score0.0026EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:43 p.m.•5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...

9.3CVSS5.8AI score0.0026EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:43 p.m.•7 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation There is...

9.3CVSS5.8AI score0.0026EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:43 p.m.•5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation There is...

9.3CVSS5.8AI score0.0026EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:35 p.m.•7 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview MessagePack is a MessagePackMsgPack Serializer for C.NET, .NET Core, Unity, Xamarin. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' in the ReadDateTime function when processing a MessagePack timestamp...

8.2CVSS5.9AI score0.00255EPSS
Exploits0References6
Snyk
Snyk
•added 2026/06/25 6:26 p.m.•5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Azure Instance Identity Endpoint process. An attacker can access internal resources or sensitive information by sending crafted requests to the affected endpoint without authentication. Remediati...

6.9CVSS5.8AI score0.00335EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:26 p.m.•5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Azure Instance Identity Endpoint process. An attacker can access internal resources or sensitive information by sending crafted requests to the affected endpoint without authentication. Remediati...

6.9CVSS5.8AI score0.00335EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:26 p.m.•4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Azure Instance Identity Endpoint process. An attacker can access internal resources or sensitive information by sending crafted requests to the affected endpoint without authentication. Remediati...

6.9CVSS5.8AI score0.00335EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:26 p.m.•5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Azure Instance Identity Endpoint process. An attacker can access internal resources or sensitive information by sending crafted requests to the affected endpoint without authentication. Remediati...

6.9CVSS5.8AI score0.00335EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:26 p.m.•8 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling in the handling of MCP messages. An attacker can bypass security controls or inject unauthorized messages by crafting specially formatted MCP messages that are improperly parsed. Remediation Upgrade...

6.3CVSS5.8AI score
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:26 p.m.•4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the share process. An attacker can access sensitive share information by sending unauthenticated requests. Remediation Upgrade github.com/gtsteffaniak/filebrowser/backend/common/settings ...

6.9CVSS5.8AI score0.00052EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:21 p.m.•3 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the realIP function. An attacker can gain unauthorized access to restricted resources, evade rate limiting, or manipulate security logs by supplying a crafted X-Forwarded-For header...

6.9CVSS5.8AI score
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:19 p.m.•6 views

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source via the realIP function. An attacker can bypass IP-based access controls, rate limiting, and audit logging by sending crafted headers such as X-Forwarded-For, X-Real-IP, or True-Client-IP without validation...

8.7CVSS5.8AI score
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:19 p.m.•6 views

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source via the realIP function. An attacker can bypass IP-based access controls, rate limiting, and audit logging by sending crafted headers such as X-Forwarded-For, X-Real-IP, or True-Client-IP without validation...

8.7CVSS5.8AI score
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:19 p.m.•5 views

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source via the realIP function. An attacker can bypass IP-based access controls, rate limiting, and audit logging by sending crafted headers such as X-Forwarded-For, X-Real-IP, or True-Client-IP without validation...

8.7CVSS5.8AI score
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:19 p.m.•4 views

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source via the realIP function. An attacker can bypass IP-based access controls, rate limiting, and audit logging by sending crafted headers such as X-Forwarded-For, X-Real-IP, or True-Client-IP without validation...

8.7CVSS5.8AI score
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:19 p.m.•7 views

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source via the realIP function. An attacker can bypass IP-based access controls, rate limiting, and audit logging by sending crafted headers such as X-Forwarded-For, X-Real-IP, or True-Client-IP without validation...

8.7CVSS5.8AI score
Exploits0References3
Snyk
Snyk
•added 2026/06/25 6:18 p.m.•5 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the RealIP process. An attacker can cause misidentification of the request source IP by manipulating the X-Forwarded-For header, potentially bypassing access controls or falsifying request logs. Remediation...

8.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/25 6:18 p.m.•5 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the RealIP process. An attacker can cause misidentification of the request source IP by manipulating the X-Forwarded-For header, potentially bypassing access controls or falsifying request logs. Remediation...

8.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/25 6:18 p.m.•5 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the RealIP process. An attacker can cause misidentification of the request source IP by manipulating the X-Forwarded-For header, potentially bypassing access controls or falsifying request logs. Remediation...

8.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/25 6:18 p.m.•5 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the RealIP process. An attacker can cause misidentification of the request source IP by manipulating the X-Forwarded-For header, potentially bypassing access controls or falsifying request logs. Remediation...

8.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/25 6:18 p.m.•6 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the RealIP process. An attacker can cause misidentification of the request source IP by manipulating the X-Forwarded-For header, potentially bypassing access controls or falsifying request logs. Remediation...

8.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/25 6:18 p.m.•6 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force in the login process. An attacker can gain unauthorized access to user accounts by performing unlimited automated authentication attempts without restriction. Remediation Upgrade...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/25 6:18 p.m.•12 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force in the login process. An attacker can gain unauthorized access to user accounts by performing unlimited automated authentication attempts without restriction. Remediation Upgrade...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/25 6:17 p.m.•5 views

Improper Validation of Integrity Check Value

Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in the tarball extraction process when the integrity field is missing from the lockfile resolution. An attacker can introduce unauthorized...

8.1CVSS5.8AI score0.00126EPSS
Exploits1References2
Snyk
Snyk
•added 2026/06/25 6:17 p.m.•19 views

Improper Validation of Integrity Check Value

Overview @pnpm/lockfile.utils is an Utils for dealing with pnpm-lock.yaml Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in the tarball extraction process when the integrity field is missing from the lockfile resolution. An attacker can introduce...

8.1CVSS5.8AI score0.00126EPSS
Exploits1References2
Snyk
Snyk
•added 2026/06/25 5:46 p.m.•8 views

Insertion of Sensitive Information Into Sent Data

Overview neotoma is a MCP server for structured personal data memory with unified source ingestion Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the /listrelationships and /retrievegraphneighborhood endpoints due to missing user ID...

3.1CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/25 5:35 p.m.•8 views

Improper Encoding or Escaping of Output

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the tomarkdown process. An attacker can inject malicious HTML or script into rendered Markdown by including a blank line within the te...

6.1CVSS5.8AI score
Exploits0References3
Snyk
Snyk
•added 2026/06/25 5:22 p.m.•4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the RADIUS authentication process. An attacker can gain unauthorized access by sending a spoofed Access-Accept response to the client, which fails to verify the response authenticator,...

7.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/25 5:22 p.m.•3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the RADIUS authentication process. An attacker can gain unauthorized access by sending a spoofed Access-Accept response to the client, which fails to verify the response authenticator,...

7.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/25 5:20 p.m.•4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the org.opencontainers.image.title annotation in the artifact manifest when downloading OCI artifacts. An attacker can cause files to be written to arbitrary locations on the host filesystem by supplying a crafte...

8.1CVSS6.6AI score0.00292EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/25 5:20 p.m.•4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parser process. An attacker can cause excessive memory consumption by submitting a specially crafted Helm chart archive that decompresses to a very large size. Remediation...

6.9CVSS6AI score0.0025EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/25 5:20 p.m.•5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parser process. An attacker can cause excessive memory consumption by submitting a specially crafted Helm chart archive that decompresses to a very large size. Remediation...

6.9CVSS6AI score0.0025EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/25 5:20 p.m.•5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parser process. An attacker can cause excessive memory consumption by submitting a specially crafted Helm chart archive that decompresses to a very large size. Remediation...

6.9CVSS6AI score0.0025EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/25 5:20 p.m.•6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parser process. An attacker can cause excessive memory consumption by submitting a specially crafted Helm chart archive that decompresses to a very large size. Remediation...

6.9CVSS6AI score0.0025EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/25 5:20 p.m.•2 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path in the database import process. An attacker can overwrite arbitrary files on the host by manipulating Xray configuration values stored in the database, potentially leading to code execution and...

8.6CVSS6.5AI score0.00342EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/25 5:20 p.m.•3 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path in the database import process. An attacker can overwrite arbitrary files on the host by manipulating Xray configuration values stored in the database, potentially leading to code execution and...

8.6CVSS6.5AI score0.00342EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/25 5:7 p.m.•5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the token-read process. An attacker can generate unauthorized OAuth2 bearer tokens with arbitrary user, client, realm, and scope values by injecting attacker-controlled JSON into the...

7.1CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/25 5:7 p.m.•5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the token-read process. An attacker can generate unauthorized OAuth2 bearer tokens with arbitrary user, client, realm, and scope values by injecting attacker-controlled JSON into the...

7.1CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/25 5:0 p.m.•4 views

Insufficiently Protected Credentials

Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to Insufficiently Protected Credentials in repository-controlled configuration, where $ENVVAR placeholders in a project .npmrc or pnpm-workspace.yaml are expanded into registry request...

6.9CVSS6AI score0.00212EPSS
Exploits1References2
Total number of security vulnerabilities36127