33208 matches found

Snyk
added 3 days ago, 2 views

Prototype Pollution

Overview @adonisjs/bodyparser is a BodyParser middleware for AdonisJS http server to read and parse request body. Affected versions of this package are vulnerable to Prototype Pollution via the BodyParserMiddleware process. An attacker can modify the Object.prototype globally by sending specially...

CVSS 8.8, AI score 6.3, EPSS 0.00148
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Malicious Package

Overview chai-as-persisted is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview chai-as-assured is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview rebrandly-domains-digger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview brock-react-alerts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview rebrandly-domains-search-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview quoting is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview brock-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview agent-starter-pack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview setup-cicd is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview nbmolviz-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview postcss-property-rollup is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview confluent-kafka-javascript is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview livekit-agents is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview ts-lint-builders-v2.1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview ts-linting-builder is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Malicious Package

Overview rs-biginteger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Improper Authorization

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Improper Authorization due to improper access control in the Web Console process. An attacker can gain unauthorized administrative privileges by accessi...

CVSS 8.6, AI score 5.8, EPSS 0.00392
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Incorrect Calculation of Buffer Size

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via the STOMP protocol when a remote unauthenticated peer sends a negative content-length value. An attacker can...

CVSS 7.5, AI score 6, EPSS 0.00524
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Incorrect Calculation of Buffer Size

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via the STOMP protocol when a remote unauthenticated peer sends a negative content-length value. An attacker c...

CVSS 7.5, AI score 6, EPSS 0.00524
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Incorrect Calculation of Buffer Size

Overview Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via the STOMP protocol when a remote unauthenticated peer sends a negative content-length value. An attacker can exhaust system resources or force abnormal connection closure by continuously streamin...

CVSS 7.5, AI score 6, EPSS 0.00524
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

External Control of System or Configuration Setting

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to External Control of System or Configuration Setting in the LdapNetworkConnector process. An attacker can instantiate unauthorized transports and trigger...

CVSS 7.6, AI score 5.8, EPSS 0.00398
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

External Control of System or Configuration Setting

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to External Control of System or Configuration Setting in the LdapNetworkConnector process. An attacker can instantiat...

CVSS 7.6, AI score 5.8, EPSS 0.00398
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

External Control of System or Configuration Setting

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to External Control of System or Configuration Setting in the LdapNetworkConnector process. An attacker can instantiate unauthorized transports and...

CVSS 7.6, AI score 5.8, EPSS 0.00398
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the WireFormatInfo negotiation process. An attacker can cause the broker to allocate excessive memo...

CVSS 8.7, AI score 5.8, EPSS 0.00524
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the WireFormatInfo negotiation process. An attacker can cause the broker to allocate excessive memory an...

CVSS 8.7, AI score 5.8, EPSS 0.00524
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:activemq-client is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the WireFormatInfo negotiation process. An attacker can cause the...

CVSS 8.7, AI score 5.8, EPSS 0.00524
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the unmarshalling process of OpenWire message property maps without...

CVSS 7.5, AI score 5.8, EPSS 0.00524
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:activemq-client is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the unmarshalling process of OpenWire message property maps without...

CVSS 7.5, AI score 5.8, EPSS 0.00524
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the unmarshalling process of OpenWire message property maps without proper size validation. An...

CVSS 7.5, AI score 5.8, EPSS 0.00524
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the unmarshalling process of OpenWire message property maps without proper size validation. An attacker...

CVSS 7.5, AI score 5.8, EPSS 0.00524
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Missing Authorization

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Missing Authorization in the process that manages temporary destinations. An attacker can gain unauthorized access to consume messages from another user...

CVSS 8.2, AI score 5.8, EPSS 0.00377
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Missing Authorization

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Missing Authorization in the process that manages temporary destinations. An attacker can gain unauthorized access to consume messages from another...

CVSS 8.2, AI score 5.8, EPSS 0.00377
Exploits: 0, References: 2

Snyk
added 3 days ago, 3 views

Missing Authorization

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Missing Authorization in the process that manages temporary destinations. An attacker can gain unauthorized access ...

CVSS 8.2, AI score 5.8, EPSS 0.00377
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the STOMP NIO codec process. An attacker can cause the broker to buffer unbounded header data,...

CVSS 8.7, AI score 6, EPSS 0.00524
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the OpenWire process. An attacker can exhaust system memory...

CVSS 7.5, AI score 5.8, EPSS 0.00495
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Memory Allocation with Excessive Size Value

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the STOMP NIO codec process. An attacker can cause the broker to buffer unbounded header data, leading ...

CVSS 8.7, AI score 6, EPSS 0.00524
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the OpenWire process. An attacker can exhaust system memory by repeatedly sending BrokerInfo...

CVSS 7.5, AI score 5.8, EPSS 0.00495
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the OpenWire process. An attacker can exhaust system memory by repeatedly sending BrokerInf...

CVSS 7.5, AI score 5.8, EPSS 0.00495
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the STOMP NIO codec process. An attacker can cause the broker to buffer unbounded header data, leading to exhaustion of the JVM heap by sending header bytes that never terminate over a STO...

CVSS 8.7, AI score 6, EPSS 0.00524
Exploits: 0, References: 2

Snyk
added 3 days ago, 2 views

Inefficient Algorithmic Complexity

Overview brace-expansion is a Brace expansion as known from sh/bash. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the expand function. An attacker can cause excessive CPU consumption and block the event loop by supplying a specially crafted string...

CVSS 8.7, AI score 5.8, EPSS 0.00361
Exploits: 0, References: 2

Snyk
added 4 days ago, 2 views

Cross-site Scripting (XSS)

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the number guess process. An attacker can execute arbitrary...

CVSS 6.1, AI score 5.9, EPSS 0.00173
Exploits: 0, References: 2

Snyk
added 4 days ago, 2 views

Always-Incorrect Control Flow Implementation

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to incorrect control flow in the RewriteValve process. An attacker can bypass...

CVSS 7.3, AI score 5.8, EPSS 0.00218
Exploits: 0, References: 2

Snyk
added 4 days ago, 2 views

Always-Incorrect Control Flow Implementation

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to incorrect control flow in the RewriteValv...

CVSS 7.3, AI score 5.8, EPSS 0.00218
Exploits: 0, References: 2

Snyk
added 4 days ago, 2 views

Always-Incorrect Control Flow Implementation

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to incorrect control flow in the RewriteValve process. An attacker can bypass intended rewrite rules by crafting...

CVSS 7.3, AI score 5.8, EPSS 0.00218
Exploits: 0, References: 2

Snyk
added 4 days ago, 2 views

Always-Incorrect Control Flow Implementation

Overview org.apache.tomcat:tomcat-util is a Common code shared by multiple Tomcat components. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the incomplete logging of the effective web.xml when special roles and empty authorization...

CVSS 9.1, AI score 5.9, EPSS 0.00285
Exploits: 0, References: 2

Snyk
added 4 days ago, 3 views

Improper Authorization

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authorization due to the improper enforcement of security constraints in the default servlet when certain HTTP methods or...

CVSS 6.5, AI score 5.8, EPSS 0.00186
Exploits: 0, References: 2

Snyk
added 4 days ago, 2 views

Improper Authorization

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Authorization due to the improper enforcement of security constraints in the default servlet when certain HTTP methods or method omissions are configure...

CVSS 6.5, AI score 5.8, EPSS 0.00186
Exploits: 0, References: 2

Snyk
added 4 days ago, 3 views

Always-Incorrect Control Flow Implementation

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the incomplete logging of the effective web.xml when special roles and empty authorization constraints are...

CVSS 9.1, AI score 5.8, EPSS 0.00285
Exploits: 0, References: 2

Snyk
added 4 days ago, 2 views

Always-Incorrect Control Flow Implementation

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the incomplete logging of the effective...

CVSS 9.1, AI score 5.8, EPSS 0.00285
Exploits: 0, References: 2

Total number of security vulnerabilities: 33208