Lucene search
+L

36149 matches found

Snyk
Snyk
added 2026/06/24 9:0 p.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:0 p.m.7 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:0 p.m.7 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:0 p.m.7 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:0 p.m.17 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:0 p.m.22 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:0 p.m.8 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 7:16 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the parselinktext function of mistune/inlineparser.py, which performs a regex search inside a loop that advances one character at a time when parsing fails, producing On² behavior...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 7:15 p.m.10 views

Arbitrary Argument Injection

Overview Jellyfin.Common is an a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the SubtitleEncoder.ConvertTextSubtitleToSrtInternal process. An attacker can achieve...

8.8CVSS6AI score0.00357EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 7:15 p.m.6 views

Directory Traversal

Overview Jellyfin.Common is an a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Directory Traversal via the POST /ClientLog/Document endpoint, which uses unsanitized values from the Authorization header...

8.8CVSS6.5AI score0.00344EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 7:15 p.m.6 views

Cross-site Scripting (XSS)

Overview Jellyfin.Common is an a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the AuthenticateByName process. An attacker can execute arbitrary JavaScript in the context o...

6.9CVSS5.9AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 7:15 p.m.6 views

Incomplete List of Disallowed Inputs

Overview ghost is a publishing platform Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through the isPrivateIp logic in core/server/lib/request-external.js. An attacker can make Ghost send server-side requests to internal services by supplying an external...

7.2CVSS6AI score0.00197EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 7:15 p.m.6 views

Directory Traversal

Overview Jellyfin.Common is an a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Directory Traversal via the PathManager.GetAttachmentPath process. An attacker can achieve remote code execution by crafti...

6.3CVSS6.6AI score0.00258EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 7:15 p.m.5 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview ghost is a publishing platform Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in ghost/core/core/server/lib/request-external.js. An attacker can make the Ghost server connect to internal-network hosts by supplying an external URL that...

6.3CVSS6AI score0.0014EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 7:15 p.m.5 views

Server-side Request Forgery (SSRF)

Overview ghost is a publishing platform Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the populateImageSizes process in ghost/core/core/server/lib/mobiledoc.js. An authenticated staff user can trigger the server to make outbound requests to attacker-chos...

5.4CVSS6AI score0.00122EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 7:15 p.m.3 views

Improper Validation of Syntactic Correctness of Input

Overview ghost is a publishing platform Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the validation of filters on public API endpoints. An attacker can access private fields by sending specially crafted filter requests. Note: This is...

6.3CVSS6.1AI score0.00214EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 7:15 p.m.9 views

Arbitrary File Upload

Overview ghost is a publishing platform Affected versions of this package are vulnerable to Arbitrary File Upload through the Admin API /files/upload endpoint in ghost/core/core/server/api/endpoints/files.js. An attacker can make uploaded files be served with an attacker-chosen content type by...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 7:15 p.m.7 views

Information Exposure

Overview ghost is a publishing platform Affected versions of this package are vulnerable to Information Exposure via the members signin process. An attacker can enumerate registered email addresses by analyzing the differences in responses from the authentication endpoint. Remediation Upgrade gho...

6.9CVSS5.8AI score0.00206EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 7:15 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ActivityPub client when processing posts shared by a maliciously customized ActivityPub server. An attacker can execute arbitrary JavaScript code in the context of the user by injecting malicious content...

7.7CVSS5.9AI score0.00204EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 6:16 p.m.9 views

Malicious Package

Overview @kl-dolphin/swim is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 5:43 p.m.5 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the filterToDefinedArgumentsOnly process. An attacker can inject arbitrary unvalidated arguments with the ot prefix, which are then set as environment variables and included in the template context, by...

5.3CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 5:43 p.m.5 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the filterToDefinedArgumentsOnly process. An attacker can inject arbitrary unvalidated arguments with the ot prefix, which are then set as environment variables and included in the template context, by...

5.3CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 5:41 p.m.5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the ValidateArgumentType process. An attacker can gain unauthorized access to sensitive configuration details by sending unauthenticated requests to enumerate valid action binding IDs and their argument...

6.3CVSS5.8AI score0.00328EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 5:38 p.m.2 views

Unsynchronized Access to Shared Data in a Multithreaded Context

Overview Affected versions of this package are vulnerable to Unsynchronized Access to Shared Data in a Multithreaded Context in the parseTemplate process, which uses a shared tpl template instance across concurrent goroutines without synchronization. An attacker can cause process crashes,...

7.7CVSS5.8AI score0.00401EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/24 5:31 p.m.5 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the Liberty Web Services SOAP receiver. An attacker can write persistent entries into any user's LDAP entry and the shared root-realm Discovery branch by sending anonymous requests to the relevant endpoint,...

8.4CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 5:31 p.m.4 views

Improper Authorization

Overview org.openidentityplatform.openam:OpenFM is a Affected versions of this package are vulnerable to Improper Authorization. via the Liberty Web Services SOAP receiver. An attacker can write persistent entries into any user's LDAP entry and the shared root-realm Discovery branch by sending...

8.4CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 5:25 p.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the deserialization process of untrusted data in the WebAuthn authentication module. An attacker can execute arbitrary code in the context of the application server by supplying crafted serialized...

9.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 4:16 p.m.8 views

Deserialization of Untrusted Data

Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the ApplyFeatureView handler of registryserver.py, which calls FeatureView.fromproto and deserializes the feature view's embedded user-defined function before the appl...

9.8CVSS6.2AI score0.00862EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/24 3:31 p.m.7 views

Malicious Package

Overview normalize-plus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 3:31 p.m.9 views

Malicious Package

Overview runtime-query is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 3:19 p.m.7 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the sscanf process when parsing LUT data lines from .spi3d files. An attacker can cause arbitrary code execution or application crash by supplying a specially crafted .spi3d file containing excessively long input line...

8.4CVSS6.4AI score0.0012EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 3:19 p.m.6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to insufficient permission validation in the process. An attacker can obtain credential identifiers by leveraging global configuration privileges without having specific job configuration permissions. Remediati...

5.4CVSS6AI score0.0017EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 3:18 p.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the connect process. An attacker can establish unauthorized connections to arbitrary URLs by supplying attacker-controlled credential IDs. Remediation Upgrade org.jenkins-ci.plugins:gitee to version...

5.4CVSS6.1AI score0.00145EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 3:18 p.m.6 views

Cross-site Request Forgery (CSRF)

Overview io.jenkins.plugins:mcp-server is a The MCP Model Context Protocol Server Plugin for Jenkins implements the server-side component of the Model Context Protocol. This plugin enables Jenkins to act as an MCP server, providing context, tools, and capabilities to MCP clients, such as...

5.4CVSS5.8AI score0.00128EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 3:18 p.m.4 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the connect process. An attacker can initiate unauthorized connections to arbitrary URLs using credentials IDs of their choosing by tricking a user into performing unwanted actions while authenticated...

5.4CVSS6.1AI score0.00101EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 3:18 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the exwsAllocate process. An attacker can access arbitrary files on the controller file system and potentially execute code by supplying specially crafted path traversal sequences. Details A Directory Traversal...

8.8CVSS6.6AI score0.00595EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 3:18 p.m.4 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the global job priority configuration process. An attacker can modify configuration settings by tricking an authenticated user into submitting a malicious request. Remediation Upgrade...

5.1CVSS6AI score0.00152EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 3:18 p.m.5 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection due to build operations being performed on the Jenkins controller instead of the assigned agent. An attacker can execute arbitrary code on the Jenkins controller by obtaining Item/Configure permission. Remediati...

9.2CVSS6.2AI score0.0042EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 3:18 p.m.6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing permission checks in the process responsible for handling Contrast metadata. An attacker can enumerate the names of configured Contrast metadata by leveraging Overall/Read permission. Remediation...

5.4CVSS6AI score0.00167EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 3:18 p.m.6 views

Missing Authorization

Overview io.jenkins.plugins:mcp-server is a The MCP Model Context Protocol Server Plugin for Jenkins implements the server-side component of the Model Context Protocol. This plugin enables Jenkins to act as an MCP server, providing context, tools, and capabilities to MCP clients, such as...

5.4CVSS6AI score0.00178EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 3:18 p.m.6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to a missing permission check in the connect process. An attacker can initiate unauthorized connections to arbitrary URLs by supplying crafted credentials, potentially exposing sensitive information or...

5.4CVSS6.1AI score0.00167EPSS
Exploits0References2
Total number of security vulnerabilities36149