32851 matches found

Snyk
added 3 days ago, 3 views

Server-side Request Forgery (SSRF)

Overview: snowflake-cli is a Snowflake CLI. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the !source or !load directives, which allow referencing remote URLs that are fetched at runtime without sufficient restriction on the request destination. An attacke...

CVSS 9.6, AI score 5.9, EPSS 0.00118
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

SQL Injection

Overview: snowflake-cli is a Snowflake CLI. Affected versions of this package are vulnerable to SQL Injection via improper neutralization of parameters in the secret creation and spcs service log commands. An attacker can execute unintended SQL statements by supplying crafted input to vulnerable...

CVSS 8.3, AI score 5.9, EPSS 0.00188
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Authorization Bypass Through User-Controlled Key

Overview: modoboa is a Mail hosting made simple. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the PUT /api/v1/accounts/pk/password/ endpoint. An attacker can gain unauthorized access to privileged accounts by bypassing object-level access...

CVSS 7.7, AI score 5.8, EPSS 0.00265
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the OAuth callback controller process. An attacker can execute arbitrary JavaScript in authenticated users' browsers by crafting malicious OAuth callback URLs containing unsanitized error query parameters...

CVSS 6.1, AI score 5.9, EPSS 0.00168
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Cleartext Transmission of Sensitive Information

Overview: Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the process that handles SSID allowlist checks for internal network connections. An attacker can intercept sensitive information, such as access tokens and sensor data, by connecting th...

CVSS 8.7, AI score 5.8, EPSS 0.00161
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

SQL Injection

Overview: snowflake-cli is a Snowflake CLI. Affected versions of this package are vulnerable to SQL Injection through the processing of attacker-controlled content in repository data, project configuration, manifest data, or specification input. An attacker can execute unintended SQL statements in...

CVSS 8.8, AI score 5.9, EPSS 0.0032
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

SQL Injection

Overview: snowflake-cli is a Snowflake CLI. Affected versions of this package are vulnerable to SQL Injection via improper neutralization of local CLI parameters in the Cortex SQL or object listing command paths. An attacker can execute unintended SQL statements within the context of the current...

CVSS 8.3, AI score 5.9, EPSS 0.0013
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Directory Traversal

Overview: snowflake-cli is a Snowflake CLI. Affected versions of this package are vulnerable to Directory Traversal via improper restriction of file path resolution. An attacker can access and exfiltrate arbitrary local files by supplying crafted project or repository content that references files...

CVSS 8.7, AI score 6.5, EPSS 0.00139
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Arbitrary Code Injection

Overview: snowflake-cli is a Snowflake CLI. Affected versions of this package are vulnerable to Arbitrary Code Injection in the Snowpark annotation processor template. An attacker can execute arbitrary code by supplying crafted project content that is interpolated into generated Python code during...

CVSS 9.2, AI score 6.2, EPSS 0.0037
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Insertion of Sensitive Information into Log File

Overview: snowflake-cli is a Snowflake CLI. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the debug logging process. An attacker can access sensitive credentials by obtaining read access to local log files. This is only exploitable if...

CVSS 6.8, AI score 5.8, EPSS 0.00108
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: autotel-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: autotel-backends is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @webd-infra/query-designer-domain is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @webda-infra-ui/static-images is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @contentprod-authoring/block-manager is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: tivo-codelib-a is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @citi-icg-171632/citicms-repo-component is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 4 views

Malicious Package

Overview: via-city-tools-m-particle is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: ui-ng-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @concerns/i18n is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Malicious Package

Overview: @bscom/styling is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @deel-ui/animation is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @sixt-payment/form-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @digitalpharmacist/http-error-util is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @alerts/components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Malicious Package

Overview: unleash-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @cseo-hr/trpweb-shared is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Malicious Package

Overview: @webda-features/dashboard is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @deel-core/client-payroll-onboarding-types is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Malicious Package

Overview: @bc-workspace/utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 4 views

Malicious Package

Overview: @appsource/utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @bodata/angular-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @cloudways-lab/unified-design-system is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @webda-infra/search is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: uipath-sugar-sell is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Malicious Package

Overview: sorenson-webfonts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Malicious Package

Overview: wm-mapper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Malicious Package

Overview: @planetlabs/admin-ng is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @riskine-frontend/design-elements is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @piewasm/pie-web-npm-package is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @postman-app-monolith/renderer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Malicious Package

Overview: @sec-loans-ui/utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Malicious Package

Overview: @report-portal/service-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Malicious Package

Overview: @react-thee/rapier is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @postidigital-feature/oneaccount-orgadmin-front is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @tbe-ui/ides is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @content-editor/common is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Malicious Package

Overview: @fed-sofia/jetify is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview: @cxp-shared/string-utilities is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Malicious Package

Overview: @hg-aka-prml/tapas-common is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Total number of security vulnerabilities: 32851