Lucene search
K

35669 matches found

Snyk
Snyk
added 5 days ago3 views

Malicious Package

Overview @luminarycloudinternal/lcvis-st is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Malicious Package

Overview @luminarycloudinternal/frodo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Malicious Package

Overview cursed-ecto-d3ab00 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Malicious Package

Overview epic-internal-tools is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Malicious Package

Overview ue-automation-scripts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Malicious Package

Overview unreal-horde-dashboard is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Malicious Package

Overview ue-jenkins-buildkite is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Malicious Package

Overview robomerge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago6 views

Malicious Package

Overview voyager-web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Malicious Package

Overview searchresults is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago6 views

Malicious Package

Overview workspace-scripts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago6 views

Malicious Package

Overview @businessapp-microsites/apis is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago6 views

Malicious Package

Overview workspace-lint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Malicious Package

Overview nodemon-patch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Malicious Package

Overview nodemon-gulp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Malicious Package

Overview nodepack-daemon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago6 views

Malicious Package

Overview crypto-promiser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Malicious Package

Overview paperclip-adapter-helpers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Malicious Package

Overview vps-new-manager is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the WebFetchTool.Execute function in the Guarded Web Fetch Flow process. An attacker can make the server initiate arbitrary HTTP requests to internal or external resources by supplying crafted URLs...

7.5CVSS6.7AI score0.00247EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the WebFetchTool.Execute function in the Guarded Web Fetch Flow process. An attacker can make the server initiate arbitrary HTTP requests to internal or external resources by supplying crafted URLs...

7.5CVSS6.7AI score0.00247EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the WebFetchTool.Execute function in the Guarded Web Fetch Flow process. An attacker can make the server initiate arbitrary HTTP requests to internal or external resources by supplying crafted URLs...

7.5CVSS6.7AI score0.00247EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the MQTT Channel Handler process due to improper handling of the clientid argument. An attacker can gain unauthorized access and perform actions with insufficient authorization by sending crafted requests...

6.5CVSS6.7AI score0.00214EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the MQTT Channel Handler process due to improper handling of the clientid argument. An attacker can gain unauthorized access and perform actions with insufficient authorization by sending crafted requests...

6.5CVSS6.7AI score0.00214EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago6 views

Symlink Attack

Overview decompress is a package that can be used for extracting archives. Affected versions of this package are vulnerable to Symlink Attack via the fs.link process. An attacker can gain unauthorized access to sensitive files or corrupt file contents by crafting an archive containing a hardlink...

6.9CVSS6.1AI score0.00248EPSS
Exploits1References2
Snyk
Snyk
added 5 days ago3 views

Authorization Bypass Through User-Controlled Key

Overview @arikusi/deepseek-mcp-server is a MCP Server for DeepSeek API integration - enables Claude Code to use DeepSeek Chat and Reasoner models Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the SessionStore process, which accepts...

8.8CVSS6.1AI score0.00225EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Missing Authentication for Critical Function

Overview @arikusi/deepseek-mcp-server is a MCP Server for DeepSeek API integration - enables Claude Code to use DeepSeek Chat and Reasoner models Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the POST /mcp endpoint due to the absence of...

6.9CVSS6.1AI score0.00429EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago9 views

Directory Traversal

Overview decompress is a package that can be used for extracting archives. Affected versions of this package are vulnerable to Directory Traversal via improper validation in the safeMakeDir function and extraction path validation process. An attacker can write arbitrary files outside the intended...

8.7CVSS6.5AI score0.00268EPSS
Exploits1References2
Snyk
Snyk
added 5 days ago6 views

Symlink Attack

Overview decompress is a package that can be used for extracting archives. Affected versions of this package are vulnerable to Symlink Attack in the symlink handling process. An attacker can create arbitrary symbolic links outside the intended extraction directory by crafting an archive with...

7.5CVSS6.2AI score0.00501EPSS
Exploits1References2
Snyk
Snyk
added 5 days ago3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ntitle parameter in the PFS module, which is processed through the TXT filter in pfs.main.php. An attacker can execute arbitrary scripts in the browser of users who view the affected folder listing by...

5.4CVSS6.2AI score0.00136EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the admin.php configuration update process. An attacker can modify administrator settings by tricking a logged-in administrator into submitting a forged POST request, which disables the file...

8.8CVSS6.2AI score0.00175EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Unsafe Dependency Resolution

Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution when the gh codespace jupyter process opens a JupyterLab URL supplied by a process inside a Codespace without validating that it is a loopback HTTP or HTTPS address. An attacker can execute arbitrary command...

4.4CVSS6.3AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the validation process for BGP UPDATE messages containing an empty ASPATH attribute. An attacker can cause a panic and terminate the peer session by sending a malformed UPDATE with a zero-length...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the validation process for BGP UPDATE messages containing an empty ASPATH attribute. An attacker can cause a panic and terminate the peer session by sending a malformed UPDATE with a zero-length...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the validation process for BGP UPDATE messages containing an empty ASPATH attribute. An attacker can cause a panic and terminate the peer session by sending a malformed UPDATE with a zero-length...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the BGP OPEN capability parsing process. An attacker can influence peer AS validation and capability negotiation by sending a specially crafted BGP OPEN message with a malformed capability length, causing the parse...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the BGP OPEN capability parsing process. An attacker can influence peer AS validation and capability negotiation by sending a specially crafted BGP OPEN message with a malformed capability length, causing the parse...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the BGP OPEN capability parsing process. An attacker can influence peer AS validation and capability negotiation by sending a specially crafted BGP OPEN message with a malformed capability length, causing the parse...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

External Control of File Name or Path

Overview psd-tools is a Python package for working with Adobe Photoshop PSD files as described in specification. Affected versions of this package are vulnerable to External Control of File Name or Path through the save and open functions. An attacker can write arbitrary files to attacker-chosen...

4.6CVSS6.2AI score
Exploits0References3
Snyk
Snyk
added 6 days ago5 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to improper validation in the threshold counting process. An attacker can bypass multi-log threshold requirements by compromising a single log and forging multiple entries or...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

External Control of File Name or Path

Overview py-rattler is an A blazing fast library to work with the conda ecosystem Affected versions of this package are vulnerable to External Control of File Name or Path via the build string in package metadata during cache materialization. An attacker can cause files to be written outside the...

5.4CVSS6.1AI score0.00033EPSS
Exploits0References3
Snyk
Snyk
added 6 days ago4 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in the redirect URL validation process. An attacker can cause users to be redirected to arbitrary external sites by crafting a specially formatted URL that bypasses host and schema checks using a double slash prefix in the...

5.1CVSS6.2AI score
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization due to insufficient permission checks on the configuration-view/detail/create endpoint. An attacker can gain unauthorized access to create class definitions and potentially escalate privileges by sending crafted...

7.1CVSS6.1AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Weak Password Recovery Mechanism for Forgotten Password

Overview Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the resetPasswordUrl parameter in the password reset process. An attacker can gain unauthorized access to any administrator account and bypass two-factor authentication by...

8.8CVSS6.1AI score0.0035EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the key parameter in the columnFilters array, which is directly interpolated into SQL queries with manual backtick wrapping. An attacker can extract sensitive database information, including password hashes, by injecti...

7.7CVSS6.1AI score0.00249EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Malicious Package

Overview @kl-starfish/test-01 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Authorization Bypass Through User-Controlled Key

Overview sylius/sylius is a platform for PHP, based on Symfony framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GET /api/v2/shop/payment-requests/hash, PUT /api/v2/shop/payment-requests/hash, and POST...

6.3CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Incorrect Authorization

Overview sylius/sylius is a platform for PHP, based on Symfony framework. Affected versions of this package are vulnerable to Incorrect Authorization in the PATCH /api/v2/shop/account/orders/tokenValue/payments/paymentId endpoint. An attacker can assign payment methods that are not enabled for th...

5.3CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Improper Enforcement of Behavioral Workflow

Overview sylius/sylius is a platform for PHP, based on Symfony framework. Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow through the FormComponent process. An attacker can irreversibly modify or delete completed order data by performing actions suc...

7.1CVSS6.1AI score
Exploits0References3
Snyk
Snyk
added 6 days ago5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the importEntry process when attacker-controlled input is passed to unserialize without restricting allowed classes. An attacker can achieve arbitrary code execution by tricking an authenticated admi...

9.6CVSS6.5AI score0.00379EPSS
Exploits0References3
Total number of security vulnerabilities35669