Lucene search
K

35325 matches found

Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview none123s is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview txs-builder-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•0 views

Directory Traversal

Overview mcp-text-editor is a MCP Text Editor Server - Edit text files via MCP protocol Affected versions of this package are vulnerable to Directory Traversal via the validatefilepath function. An attacker can access or modify files outside the intended directory by supplying crafted input to th...

7.5CVSS0.00347EPSS
Exploits0References2
Snyk
Snyk
•added 2 days ago•2 views

Cross-site Request Forgery (CSRF)

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the modules/plugins.php process. An attacker can trigger unauthorized plugin installation,...

6.9CVSS6.1AI score0.00013EPSS
Exploits0References2
Snyk
Snyk
•added 2 days ago•2 views

Arbitrary Code Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection in the actionRenderCardPreview process. An attacker can execute arbitrary PHP code and disclose sensitive information by injecting malicious event handlers into the...

8.6CVSS6.2AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•3 views

Directory Traversal

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Directory Traversal via the actionIcon process. An attacker can access arbitrary local .svg files by supplying crafted traversal sequences in the extension parameter, allowing disclosure of...

2.5CVSS6.5AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•0 views

Improper Validation of Specified Quantity in Input

Overview pymonocypher is a Python ctypes bindings to the Monocypher library Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the argon2i32 function when the provided buffer for nbblocks is too small. An attacker can cause memory corruption ...

5.1CVSS
Exploits0References4
Snyk
Snyk
•added 2 days ago•1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via unsanitized input in the slug field during the export process. An attacker can cause arbitrary files and directories to be created or overwritten outside the intended export directory by submitting specially...

8.6CVSS6.5AI score0.00059EPSS
Exploits0References2
Snyk
Snyk
•added 2 days ago•3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via unsanitized input in the slug field during the export process. An attacker can cause arbitrary files and directories to be created or overwritten outside the intended export directory by submitting specially...

8.6CVSS6.5AI score0.00059EPSS
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the GetNotesByBookID function. An attacker can access metadata of soft-deleted notes belonging to any public book by sending unauthenticated requests with the deleted query parameter set to true. This allows...

6.9CVSS6.1AI score0.00048EPSS
Exploits0References2
Snyk
Snyk
•added 2 days ago•0 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the VALUE regex pattern within the selector parsing process. An attacker can cause excessive CPU consumption and block server threads by submitting specially crafted attribute selectors with...

8.7CVSS
Exploits0References2
Snyk
Snyk
•added 2 days ago•0 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the compile function. An attacker can cause excessive memory consumption by supplying a large comma-separated selector list, leading to process termination or degraded system...

8.7CVSS
Exploits0References2
Snyk
Snyk
•added 2 days ago•0 views

External Control of File Name or Path

Overview phantom-audio is an AI audio engineering system -- makes Claude a professional audio engineer Affected versions of this package are vulnerable to External Control of File Name or Path via unconfined tool path handling and lack of input size restrictions. An attacker can write or overwrit...

8.5CVSS
Exploits0References3
Snyk
Snyk
•added 2 days ago•1 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the DefaultHttpClient process, which follows redirects and forwards sensitive headers such as Authorization, Cookie, and Proxy-Authorization to redirect targets across domain boundaries. An attack...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Insufficiently Protected Credentials

Overview io.micronaut:micronaut-http-client is a modern, JVM-based, full stack microservices framework designed for building modular, easily testable microservice applications. Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the DefaultHttpClient proces...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop due to the lack of a maximum redirect count in the process handling HTTP redirections. An attacker can exhaust system resources and cause service disruption by triggering an infinite redirect loop. Remediation Upgrade...

8.7CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Infinite loop

Overview io.micronaut:micronaut-http-client is a modern, JVM-based, full stack microservices framework designed for building modular, easily testable microservice applications. Affected versions of this package are vulnerable to Infinite loop due to the lack of a maximum redirect count in the...

8.7CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•0 views

Allocation of Resources Without Limits or Throttling

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the accumulation of Client instances in the clients list within the event management process. An...

7.1CVSS
Exploits0References3
Snyk
Snyk
•added 2 days ago•0 views

Server-side Request Forgery (SSRF)

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isglobaladdress function. An attacker can access internal network resources or sensitive endpoints by supplying...

4.9CVSS
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to invalid limit option handling in normalizeOptions in lib/utils.js. An attacker can force oversized request bodies through by supplying an application configuration value for...

6.3CVSS6.1AI score0.0025EPSS
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview nodemon-sudo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview tslint-conf is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview rio-design-tokens is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview n8n-nodes-mcputils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview mchain-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview chain-api-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview airkey-mfa-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview gitlens is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview poc-node-npm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview security-console-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview fusion-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview breeze-feature-flag-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview qlkube is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview feedback-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview rabi-snooze-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Malicious Package

Overview bizapi-portal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ActiveDirectoryIdentityProvider process. An attacker can gain elevated permissions in Kubernetes clusters by editing the distinguished name DN of group entries in the Active Directory server's databa...

5.1CVSS6.1AI score0.0017EPSS
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ActiveDirectoryIdentityProvider process. An attacker can gain elevated permissions in Kubernetes clusters by editing the distinguished name DN of group entries in the Active Directory server's databa...

5.1CVSS6.1AI score0.0017EPSS
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ActiveDirectoryIdentityProvider process. An attacker can gain elevated permissions in Kubernetes clusters by editing the distinguished name DN of group entries in the Active Directory server's databa...

5.1CVSS6.1AI score0.0017EPSS
Exploits0References2
Snyk
Snyk
•added 2 days ago•2 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ActiveDirectoryIdentityProvider process. An attacker can gain elevated permissions in Kubernetes clusters by editing the distinguished name DN of group entries in the Active Directory server's databa...

5.1CVSS6.1AI score0.0017EPSS
Exploits0References2
Snyk
Snyk
•added 2 days ago•2 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ActiveDirectoryIdentityProvider process. An attacker can gain elevated permissions in Kubernetes clusters by editing the distinguished name DN of group entries in the Active Directory server's databa...

5.1CVSS6.1AI score0.0017EPSS
Exploits0References2
Snyk
Snyk
•added 2 days ago•1 views

Missing Origin Validation in WebSockets

Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the CORSFilter process. An attacker can access sensitive administrative REST endpoints by enticing an authorized user to visit a malicious web page, which then issues cross-origin requests and...

8.7CVSS6.1AI score0.00269EPSS
Exploits0References2
Total number of security vulnerabilities35325