33544 matches found

Snyk | added 3 days ago

Weak Password Recovery Mechanism for Forgotten Password

Overview: Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password through the loginlink process. An attacker can gain unauthorized access to user accounts by reusing a previously issued password reset link after the password has been changed. Thi...

CVSS 5.1 | AI score 5.9
Exploits: 0 | References: 2
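The reuse problem above comes from a reset token that commits to nothing that changes when the password does. The following is an added example (not code from the package in this advisory) that contrasts such a token with one bound to the current password hash and marked single-use; the signing key, the User model and the token layout are assumptions, and sha256 stands in for a real password hash.

```python
"""Reset links that outlive a password change versus links that are invalidated by it.

Added illustration, not code from the package in this advisory. The signing key,
user model and token layout are assumptions; sha256 stands in for a real password
hash (use argon2 or bcrypt in practice).
"""
import hashlib
import hmac
import secrets
import time

SIGNING_KEY = secrets.token_bytes(32)  # assumption: server-side key for reset tokens


class User:
    def __init__(self, uid, password="old-password"):
        self.uid = uid
        self.password_hash = hashlib.sha256(password.encode()).hexdigest()
        self.used_reset_nonces = set()


def _sign(message):
    return hmac.new(SIGNING_KEY, message.encode(), hashlib.sha256).hexdigest()


# Weak variant: the token commits only to (uid, expiry). Nothing in it changes when
# the password does, so a link issued earlier still verifies after a successful reset.
def issue_weak(user, ttl=3600, now=None):
    exp = int((now or time.time()) + ttl)
    sig = _sign(f"{user.uid}.{exp}")
    return f"{user.uid}.{exp}.{sig}"


def redeem_weak(user, token, new_password, now=None):
    try:
        uid, exp, sig = token.split(".")
    except ValueError:
        return False
    if int(uid) != user.uid or int(exp) < (now or time.time()):
        return False
    if not hmac.compare_digest(sig, _sign(f"{uid}.{exp}")):
        return False
    user.password_hash = hashlib.sha256(new_password.encode()).hexdigest()
    return True


# Hardened variant: the MAC also covers the current password hash (a per-user
# "credential version"), so changing the password invalidates every outstanding
# link. A random nonce is recorded on use so a link cannot be replayed even if the
# password is later set back to the same value.
def issue_hardened(user, ttl=3600, now=None):
    exp = int((now or time.time()) + ttl)
    nonce = secrets.token_hex(8)
    sig = _sign(f"{user.uid}.{exp}.{nonce}.{user.password_hash}")
    return f"{user.uid}.{exp}.{nonce}.{sig}"


def redeem_hardened(user, token, new_password, now=None):
    try:
        uid, exp, nonce, sig = token.split(".")
    except ValueError:
        return False
    if int(uid) != user.uid or int(exp) < (now or time.time()):
        return False
    if nonce in user.used_reset_nonces:
        return False
    expected = _sign(f"{uid}.{exp}.{nonce}.{user.password_hash}")
    if not hmac.compare_digest(sig, expected):
        return False
    user.used_reset_nonces.add(nonce)
    user.password_hash = hashlib.sha256(new_password.encode()).hexdigest()
    return True
```

With the weak token, redeeming the same link a second time changes the password again; with the hardened one, the second redemption fails both because the nonce is spent and because the MAC no longer matches the new hash.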
Snyk | added 3 days ago

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the Compose.php process. An attacker can access arbitrary files on the server by crafting image source URLs containing traversal sequences after a valid CKEditor path prefix, which bypasses prefix validation and...

CVSS 7.1 | AI score 6.5 | EPSS 0.00379
Exploits: 0 | References: 2
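The bypass described above works because the prefix check runs on the raw string before "../" is resolved. The following is an added example (not the advisory's Compose.php code) showing that naive check next to one that decodes and normalizes first and then verifies the result is still under the image root; the URL prefix and the on-disk root are assumptions, and the logic is string-only so it runs without a filesystem.

```python
"""Prefix-only validation of an image path versus validation of the normalized path.

Added illustration, not the advisory's Compose.php code. URL_PREFIX and IMAGE_ROOT
are assumptions; posixpath is used instead of os.path so the check is pure string
manipulation and behaves the same on any host.
"""
import posixpath
from urllib.parse import unquote

URL_PREFIX = "/ckeditor/uploads/"                 # assumption: the "valid CKEditor path prefix"
IMAGE_ROOT = "/var/www/html/ckeditor/uploads"     # assumption: where that prefix maps on disk


def resolve_naive(url_path):
    """Accepts anything that starts with the prefix, then joins the remainder verbatim."""
    if not url_path.startswith(URL_PREFIX):
        return None
    return IMAGE_ROOT + "/" + url_path[len(URL_PREFIX):]


def where_it_lands(url_path):
    """The file the kernel would actually open for the naive result once '..' is resolved."""
    joined = resolve_naive(url_path)
    return None if joined is None else posixpath.normpath(joined)


def resolve_safe(url_path):
    """Decode, normalize, and only then check that the result is still under IMAGE_ROOT."""
    decoded = unquote(url_path)                   # catches %2e%2e%2f-style encoded traversal
    if "\x00" in decoded or not decoded.startswith(URL_PREFIX):
        return None
    candidate = posixpath.normpath(IMAGE_ROOT + "/" + decoded[len(URL_PREFIX):])
    # commonpath, not startswith: ".../uploads2/x.png" would pass a string-prefix test
    if posixpath.commonpath([IMAGE_ROOT, candidate]) != IMAGE_ROOT:
        return None
    # On a real filesystem, also os.path.realpath() both sides so symlinks cannot escape.
    return candidate
```

The same containment check (normalize, then compare against the root with commonpath or realpath) applies to the other file-path entries on this page, whether the path arrives in a URL, a dataset reference, or an archive member name.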
Snyk | added 3 days ago

Timing Attack

Overview: pay is a package for processing payments in Ruby on Rails apps. Affected versions of this package are vulnerable to Timing Attack via the valid_signature? function. An attacker can recover valid webhook signatures by sending multiple requests with crafted Paddle-Signature header values and...

CVSS 9.1 | AI score 6
Exploits: 0 | References: 2
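A signature check that compares byte by byte and stops at the first mismatch tells the attacker, through response time, how many leading characters were right. The following is an added example (not code from the pay gem) that models that leak with a step counter instead of a clock, recovers a 64-hex-digit HMAC one digit at a time, and shows that the same procedure learns nothing against hmac.compare_digest; the webhook secret, body and header value are constructed here.

```python
"""Byte-by-byte signature comparison as an oracle, and the constant-time replacement.

Added illustration, not code from the pay gem. WEBHOOK_SECRET and BODY are constructed.
Instead of measuring wall-clock time, the leaky compare reports how many characters it
examined before bailing out, which is what a remote timing measurement approximates
once enough samples are averaged.
"""
import hashlib
import hmac

WEBHOOK_SECRET = b"constructed-demo-secret"                                  # constructed
BODY = b'{"event_type":"transaction.completed","data":{"id":"txn_1"}}'      # constructed
TRUE_SIG = hmac.new(WEBHOOK_SECRET, BODY, hashlib.sha256).hexdigest()
HEX = "0123456789abcdef"


def leaky_equal(expected, candidate):
    """Early-exit compare. Returns (equal, number of characters examined)."""
    steps = 0
    if len(expected) != len(candidate):
        return False, steps
    for a, b in zip(expected, candidate):
        steps += 1
        if a != b:
            return False, steps
    return True, steps


def constant_time_equal(expected, candidate):
    """hmac.compare_digest examines the whole input regardless of where it differs."""
    return hmac.compare_digest(expected.encode(), candidate.encode()), len(expected)


def make_oracle(compare):
    """Models a webhook endpoint the attacker can hit with arbitrary Paddle-Signature values.

    Returns the work done plus one if the signature was accepted (an accept/reject
    response is always observable, and it settles the final digit).
    """
    def oracle(candidate):
        equal, steps = compare(TRUE_SIG, candidate)
        return steps + (1 if equal else 0)
    return oracle


def recover_signature(oracle, length=64):
    """Recover one hex digit at a time: the right digit makes the compare go one step further."""
    known = ""
    for _ in range(length):
        # '~' is outside the hex alphabet, so the padding never matches by accident
        known += max(HEX, key=lambda c: oracle((known + c).ljust(length, "~")))
    return known


def verify_webhook(body, header_sig):
    """The fix: derive the expected MAC and compare it in constant time."""
    expected = hmac.new(WEBHOOK_SECRET, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), header_sig.encode())
```

Against the leaky compare the attacker needs at most 16 guesses per digit, about a thousand requests for a SHA-256 hex MAC; against the constant-time compare every guess scores the same and the recovered string is garbage.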
Snyk | added 3 days ago

Incorrect Authorization

Overview: twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization in the checkSecurity process. An attacker can execute unauthorized filters, tags, or functions by manipulating the sandbox state between render...

CVSS 8.7 | AI score 6
Exploits: 0 | References: 3
Snyk | added 3 days ago

Improper Validation of Array Index

Overview: Affected versions of this package are vulnerable to Improper Validation of Array Index in the UnmarshalJSON function when processing attacker-controlled short ciphertexts. An attacker can cause the server to panic and disrupt service by submitting a specially crafted JSON payload with a...

CVSS 5.3 | AI score 6
Exploits: 0 | References: 2
Snyk | added 3 days ago

External Control of File Name or Path

Overview: keras is a high-level neural networks API for Python. Affected versions of this package are vulnerable to External Control of File Name or Path via the H5IOStore.verifydataset function and the fileeditor.py process. An attacker can access arbitrary files on the filesystem by...

CVSS 6.8 | AI score 6.3 | EPSS 0.00127
Exploits: 0 | References: 2
Snyk | added 3 days ago

Deserialization of Untrusted Data

Overview: ray is a system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the read_webdataset function. An attacker can execute arbitrary code on remote workers by supplying a specially...

CVSS 8.8 | AI score 6.4 | EPSS 0.00483
Exploits: 0 | References: 2
Snyk | added 3 days ago

Deserialization of Untrusted Data

Overview: megatron-bridge is Megatron Bridge, training recipes for Megatron-based LLM and VLM models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the deserialization process. An attacker can execute arbitrary code, escalate privileges, tamper with data...

CVSS 8.5 | AI score 6.1 | EPSS 0.00154
Exploits: 0 | References: 2
Snyk | added 3 days ago

Deserialization of Untrusted Data

Overview: megatron-bridge is Megatron Bridge, training recipes for Megatron-based LLM and VLM models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the deserialization process. An attacker can execute arbitrary code, escalate privileges, tamper with data...

CVSS 8.5 | AI score 6.1 | EPSS 0.00175
Exploits: 0 | References: 2
Snyk | added 3 days ago

Deserialization of Untrusted Data

Overview: megatron-bridge is Megatron Bridge, training recipes for Megatron-based LLM and VLM models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process. An attacker can execute arbitrary code, escalate privileges, tamper with dat...

CVSS 8.5 | AI score 6.1 | EPSS 0.00165
Exploits: 0 | References: 2
Snyk | added 3 days ago

Server-side Request Forgery (SSRF)

Overview: megatron-bridge is Megatron Bridge, training recipes for Megatron-based LLM and VLM models. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the request process. An attacker can access internal resources and potentially disclose sensitive...

CVSS 8.5 | AI score 5.9 | EPSS 0.00148
Exploits: 0 | References: 2
Snyk | added 3 days ago

Deserialization of Untrusted Data

Overview: megatron-bridge is Megatron Bridge, training recipes for Megatron-based LLM and VLM models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the process responsible for dynamically managing code resources. An attacker can execute arbitrary code,...

CVSS 8.5 | AI score 6.2 | EPSS 0.00155
Exploits: 0 | References: 2
Snyk | added 3 days ago

Deserialization of Untrusted Data

Overview: megatron-bridge is Megatron Bridge, training recipes for Megatron-based LLM and VLM models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process. An attacker can execute arbitrary code, escalate privileges, tamper with dat...

CVSS 8.5 | AI score 6.1 | EPSS 0.00154
Exploits: 0 | References: 2
Snyk | added 3 days ago

Deserialization of Untrusted Data

Overview: megatron-bridge is Megatron Bridge, training recipes for Megatron-based LLM and VLM models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process. An attacker can execute arbitrary code, escalate privileges, tamper with dat...

CVSS 8.5 | AI score 6.1 | EPSS 0.00169
Exploits: 0 | References: 2
Snyk | added 3 days ago

Arbitrary Code Injection

Overview: megatron-bridge is Megatron Bridge, training recipes for Megatron-based LLM and VLM models. Affected versions of this package are vulnerable to Arbitrary Code Injection in the code generation process. An attacker can execute arbitrary code, escalate privileges, tamper with data, and...

CVSS 8.5 | AI score 6.2 | EPSS 0.00175
Exploits: 0 | References: 2
Snyk | added 3 days ago

Arbitrary Code Injection

Overview: megatron-bridge is Megatron Bridge, training recipes for Megatron-based LLM and VLM models. Affected versions of this package are vulnerable to Arbitrary Code Injection via the deserialization process. An attacker can execute arbitrary code, escalate privileges, tamper with data, and...

CVSS 8.5 | AI score 6.1 | EPSS 0.00164
Exploits: 0 | References: 2
Snyk | added 3 days ago

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview: megatron-bridge is Megatron Bridge, training recipes for Megatron-based LLM and VLM models. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in the process responsible for dynamically managing code...

CVSS 8.5 | AI score 6 | EPSS 0.00169
Exploits: 0 | References: 2
Snyk | added 3 days ago

Deserialization of Untrusted Data

Overview: megatron-bridge is Megatron Bridge, training recipes for Megatron-based LLM and VLM models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via improper validation of allowed inputs. An attacker can execute arbitrary code, escalate privileges, tampe...

CVSS 8.5 | AI score 6.1 | EPSS 0.00155
Exploits: 0 | References: 2
Snyk | added 3 days ago

Improper Input Validation

Overview: pretix ("Reinventing presales, one ticket at a time") is a ticketing system. Affected versions of this package are vulnerable to Improper Input Validation via improper validation of session parameters in the payment integration plugins and the use of shared cryptographic keys and salts across unrelated...

CVSS 9.9 | AI score 6 | EPSS 0.00239
Exploits: 0 | References: 2
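The second half of that advisory, shared keys and salts across unrelated features, is what key separation prevents: a MAC minted for one purpose must not verify under another. The following is an added example (not pretix code) that derives a distinct key per purpose from one master secret with HKDF-SHA256 implemented from RFC 5869, and contrasts it with a single shared key; the master secret, salt and purpose labels are constructed assumptions.

```python
"""Per-purpose keys derived from one master secret, so a value minted in one context
cannot be accepted in another.

Added illustration, not pretix code. HKDF-SHA256 is written out from RFC 5869 so the
block runs without third-party packages; MASTER_SECRET, APP_SALT and the purpose
labels are constructed assumptions.
"""
import hashlib
import hmac

HASH_LEN = 32


def hkdf_extract(salt, ikm):
    """RFC 5869 step 1: PRK = HMAC(salt, IKM); an absent salt is HashLen zero bytes."""
    return hmac.new(salt if salt else b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    """RFC 5869 step 2: T(i) = HMAC(PRK, T(i-1) | info | i), concatenated and truncated."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(ikm, salt, info, length):
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


MASTER_SECRET = b"constructed-master-secret-do-not-reuse"   # constructed
APP_SALT = b"constructed-deployment-salt"                    # constructed, fixed per deployment


def context_key(purpose):
    """Key separation: the purpose goes into HKDF's info, so each context gets an unrelated key."""
    return hkdf(MASTER_SECRET, APP_SALT, b"ticketing-demo/" + purpose.encode(), HASH_LEN)


def mint(purpose, payload):
    tag = hmac.new(context_key(purpose), payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + tag


def accept(purpose, token):
    payload, _, tag = token.rpartition(".")
    expected = hmac.new(context_key(purpose), payload.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)


# The weak pattern: one key shared by unrelated features, so a value produced by the
# payment flow is indistinguishable from one produced by the session-transfer flow.
def mint_shared(payload):
    return payload + "." + hmac.new(MASTER_SECRET, payload.encode(), hashlib.sha256).hexdigest()


def accept_shared(token):
    payload, _, tag = token.rpartition(".")
    expected = hmac.new(MASTER_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)
```

The test vector in the check is RFC 5869 test case 1; the cross-context check is the property the advisory's shared-key design lacks.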
Snyk | added 3 days ago

Relative Path Traversal

Overview: clearml is ClearML, an auto-magical experiment manager, version control, and MLOps for AI. Affected versions of this package are vulnerable to Relative Path Traversal via the StorageManager.extracttocache process. An attacker can write arbitrary files to the filesystem by uploading a...

CVSS 4.8 | AI score 6.7 | EPSS 0.00357
Exploits: 0 | References: 2
Snyk | added 3 days ago

Uncaught Exception

Overview: @fastify/middie is a middleware engine for Fastify. Affected versions of this package are vulnerable to Uncaught Exception in the URL normalization process when handling malformed percent-encoded sequences in incoming request paths. An attacker can cause the Node.js process to terminate...

CVSS 8.7 | AI score 6 | EPSS 0.00291
Exploits: 0 | References: 2
Snyk | added 3 days ago

Interpretation Conflict

Overview: @fastify/middie is a middleware engine for Fastify. Affected versions of this package are vulnerable to Interpretation Conflict via the path parameter handling process. An attacker can gain unauthorized access to protected route handlers by sending a crafted URL containing an encoded slas...

CVSS 9.3 | AI score 6 | EPSS 0.00299
Exploits: 0 | References: 2
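The two @fastify/middie entries above are the same root cause seen twice: percent-decoding applied late and inconsistently. A malformed escape raises out of the decoder (the crash), and an encoded slash means an authorization layer that looks at the raw path and a router that looks at the decoded path disagree about which route was requested (the bypass). The following is an added example (not @fastify/middie code) with a dispatcher that exhibits both failures beside one that normalizes once, rejects ambiguous input with a 400, and shows both layers the same string; the route table and the auth/router split are assumptions.

```python
"""Decode-late-and-hope versus strict, single-pass path normalization.

Added illustration, not @fastify/middie code. PROTECTED_ROUTES and PUBLIC_ROUTES are
assumptions. percent_decode models decodeURIComponent, which throws on malformed
escapes and turns %2F into a literal slash.
"""
import posixpath

PROTECTED_ROUTES = {"/admin/users": "admin-users-handler"}   # assumption
PUBLIC_ROUTES = {"/health": "health-handler"}               # assumption


def percent_decode(text):
    """Single-pass decode: raises ValueError on a malformed escape or invalid UTF-8."""
    out = bytearray()
    i = 0
    while i < len(text):
        if text[i] == "%":
            pair = text[i + 1:i + 3]
            if len(pair) != 2 or any(ch not in "0123456789abcdefABCDEF" for ch in pair):
                raise ValueError(f"malformed percent-escape at offset {i}")
            out.append(int(pair, 16))
            i += 3
        else:
            out += text[i].encode("utf-8")
            i += 1
    return out.decode("utf-8")      # UnicodeDecodeError is a ValueError subclass


def normalize_path(raw):
    """Return (status, path): 400 for anything that cannot be interpreted unambiguously."""
    try:
        segments = [percent_decode(s) for s in raw.split("/")]
    except ValueError:
        return 400, None
    for seg in segments:
        if "/" in seg or "\\" in seg or "\x00" in seg:
            return 400, None        # an escape must not change the path's structure
    path = posixpath.normpath("/" + "/".join(s for s in segments if s))
    return 200, path


def dispatch_naive(raw):
    """Auth layer matches the raw path; router decodes it. Returns (handler, auth_checked).

    A malformed escape propagates out of percent_decode uncaught, which is the crash.
    """
    auth_checked = raw in PROTECTED_ROUTES
    routed = percent_decode(raw)                # the router's view of the same request
    handler = PROTECTED_ROUTES.get(routed) or PUBLIC_ROUTES.get(routed)
    return handler, auth_checked


def dispatch_strict(raw):
    """Normalize once; auth layer and router both consume the normalized path.

    Returns (handler, auth_checked, status).
    """
    status, path = normalize_path(raw)
    if status != 200:
        return None, False, status
    if path in PROTECTED_ROUTES:
        return PROTECTED_ROUTES[path], True, 200
    handler = PUBLIC_ROUTES.get(path)
    return handler, False, (200 if handler else 404)
```

In the naive dispatcher "/admin%2Fusers" is not in the protected table, so no authorization runs, yet the router decodes it to "/admin/users" and serves the admin handler; the strict dispatcher refuses the request outright because a segment decoded to something containing a slash.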
Snyk | added 3 days ago

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the process that handles user requests without proper validation of request origin. An attacker can perform unauthorized actions on behalf of authenticated users by tricking them into submitting...

CVSS 8.3 | AI score 6 | EPSS 0.00157
Exploits: 0 | References: 2
Snyk | added 3 days ago

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper handling of user-supplied input in the map format. An attacker can execute arbitrary JavaScript code in the context of users viewing affected pages by injecting malicious payloads. Details Cross-sit...

CVSS 8.3 | AI score 5.8 | EPSS 0.00268
Exploits: 0 | References: 2
Snyk | added 4 days ago

Incomplete List of Disallowed Inputs

Overview: picklescan is a security scanner that detects Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the __reduce__ method during deserialization. An attacker can execute arbitrary operating system commands ...

CVSS 7.6 | AI score 6.2 | EPSS 0.00552
Exploits: 0 | References: 2
Snyk | added 4 days ago

Deserialization of Untrusted Data

Overview: picklescan is a security scanner that detects Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the cProfile.run function during pickle deserialization. An attacker can execute arbitrary code by...

CVSS 8.1 | AI score 6.1 | EPSS 0.00585
Exploits: 0 | References: 2
Snyk | added 4 days ago

Deserialization of Untrusted Data

Overview: picklescan is a security scanner that detects Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the torch.utils.collect_env.run function in __reduce__ methods. An attacker can execute arbitrary remote...

CVSS 8.1 | AI score 6.2 | EPSS 0.00395
Exploits: 0 | References: 2
Snyk | added 4 days ago

Deserialization of Untrusted Data

Overview: picklescan is a security scanner that detects Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the trace.Trace.run process. An attacker can execute arbitrary code by crafting a malicious pickle file th...

CVSS 8.1 | AI score 6.1 | EPSS 0.00562
Exploits: 0 | References: 2
Snyk | added 4 days ago

Protection Mechanism Failure

Overview: picklescan is a security scanner that detects Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Protection Mechanism Failure via the trace.Trace.runctx function. An attacker can execute arbitrary code by crafting a malicious pickle file th...

CVSS 8.1 | AI score 6.5 | EPSS 0.00637
Exploits: 0 | References: 2
Snyk | added 4 days ago

Deserialization of Untrusted Data

Overview: picklescan is a security scanner that detects Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the doctest.debug_script function. An attacker can execute arbitrary commands by crafting malicious pickle...

CVSS 8.1 | AI score 6 | EPSS 0.00769
Exploits: 0 | References: 2
Snyk | added 4 days ago

Deserialization of Untrusted Data

Overview: picklescan is a security scanner that detects Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the run function in the profile.Profile class when used in pickle __reduce__ methods. An attacker can execute...

CVSS 8.1 | AI score 6.1 | EPSS 0.00638
Exploits: 0 | References: 2
Snyk | added 4 days ago

Deserialization of Untrusted Data

Overview: picklescan is a security scanner that detects Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the code.InteractiveInterpreter process in __reduce__ methods. An attacker can execute arbitrary code by...

CVSS 8.1 | AI score 6.1 | EPSS 0.00499
Exploits: 0 | References: 2
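The eight picklescan entries above, and the Deserialization of Untrusted Data entries for megatron-bridge and ray earlier on this page, share one lesson: a pickle's __reduce__ can name any importable callable, and the standard library contains many that end up calling exec() (cProfile.run, profile.Profile.run, trace.Trace.run, doctest.debug_script, code.InteractiveInterpreter, ...), so a denylist of "known bad" globals is never complete. The following is an added example (not picklescan's or either project's code) that builds such a payload with a harmless statement, shows a denylist scanner missing it, shows an allowlisting Unpickler rejecting it, and shows plain pickle.loads executing it.

```python
"""Why a denylist of dangerous pickle globals is not a safety boundary, and what is.

Added illustration, not picklescan's, megatron-bridge's or ray's code. The payload is
constructed here: its __reduce__ names cProfile.run, one of the entry points the
advisories above list, and the statement it runs only sets a marker attribute on the
builtins module. DENYLIST and AllowlistUnpickler.ALLOWED are assumptions.
"""
import builtins
import contextlib
import cProfile
import io
import pickle
import pickletools


class RunViaProfiler:
    """Pickles as a call to cProfile.run(STATEMENT); cProfile.run exec()s the string in __main__."""
    STATEMENT = "import builtins; builtins.PICKLE_DEMO_MARKER = 'executed'"  # harmless stand-in

    def __reduce__(self):
        return (cProfile.run, (self.STATEMENT,))


def build_payload():
    return pickle.dumps(RunViaProfiler(), protocol=4)


def referenced_globals(payload):
    """Static view of the pickle: every (module, name) it asks the unpickler to import."""
    found, strings = [], []
    for op, arg, _ in pickletools.genops(payload):
        if op.name in ("SHORT_BINUNICODE", "BINUNICODE", "UNICODE",
                       "STRING", "SHORT_BINSTRING", "BINSTRING"):
            strings.append(arg)
        elif op.name == "GLOBAL":            # protocols 0-3: "module name" inline
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":      # protocol 4+: consumes the two preceding strings
            found.append((strings[-2], strings[-1]))
    return found


# Denylist approach: flag known-bad callables. Anything that reaches exec() under
# another name passes.
DENYLIST = {("os", "system"), ("posix", "system"), ("subprocess", "Popen"),
            ("subprocess", "run"), ("builtins", "eval"), ("builtins", "exec"),
            ("builtins", "__import__")}


def denylist_hits(payload):
    return [g for g in referenced_globals(payload) if g in DENYLIST]


# Allowlist approach: the unpickler refuses every global the application does not expect.
class AllowlistUnpickler(pickle.Unpickler):
    ALLOWED = {("builtins", "set"), ("builtins", "frozenset"),
               ("collections", "OrderedDict")}   # assumption: what this app's data needs

    def find_class(self, module, name):
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")
        return super().find_class(module, name)


def allowlist_rejects(payload):
    try:
        AllowlistUnpickler(io.BytesIO(payload)).load()
    except pickle.UnpicklingError:
        return True
    return False


def load_unsafely(payload):
    """Plain pickle.loads: the statement runs during unpickling. Returns the marker it set."""
    with contextlib.redirect_stdout(io.StringIO()):   # cProfile.run prints a profile table
        pickle.loads(payload)
    return getattr(builtins, "PICKLE_DEMO_MARKER", None)
```

Scanning is useful as defence in depth, but the control that actually holds is the loader refusing unexpected globals, or not accepting pickle from untrusted sources at all.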
Snyk | added 4 days ago

Uncontrolled Search Path Element

Overview: app-builder-bin provides the app-builder precompiled binaries. Affected versions of this package are vulnerable to Uncontrolled Search Path Element through the execWine/executeAppBuilder command path in builder-util and app-builder-lib on non-Windows systems. An attacker can execute...

CVSS 7.8 | AI score 6.3 | EPSS 0.00129
Exploits: 0 | References: 2
Snyk | added 4 days ago

Uncontrolled Search Path Element

Overview: app-builder-lib is the electron-builder library. Affected versions of this package are vulnerable to Uncontrolled Search Path Element through the execWine/executeAppBuilder command path in builder-util and app-builder-lib on non-Windows systems. An attacker can execute attacker-controlled...

CVSS 7.8 | AI score 6.3 | EPSS 0.00129
Exploits: 0 | References: 2
Snyk | added 4 days ago

Insertion of Sensitive Information Into Sent Data

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the HttpExecutor.prepareRedirectUrlOptions process. An attacker can obtain sensitive credentials, such as GitLab's PRIVATE-TOKEN or mixed-case Authorization headers, by leveraging a...

CVSS 8.2 | AI score 6 | EPSS 0.00235
Exploits: 0 | References: 2
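Two details in that advisory matter for any HTTP client that follows redirects: header names are case-insensitive, so a filter that strips only the exact spelling "Authorization" lets "authorization" through, and service-specific credential headers such as PRIVATE-TOKEN must be on the list too. The following is an added example (not the HTTP client code the advisory refers to) with a filter that fails in those two ways beside one that compares lower-cased names and treats any change of scheme, host or port as a new origin; the set of credential headers is an assumption.

```python
"""Which headers may follow a redirect to another host.

Added illustration, not the HTTP client code the advisory refers to. CREDENTIAL_HEADERS
is an assumption; PRIVATE-TOKEN is GitLab's API token header and the lower-case
'authorization' spelling stands for the mixed-case variants the advisory calls out.
"""
from urllib.parse import urlsplit

CREDENTIAL_HEADERS = {"authorization", "proxy-authorization", "cookie",
                      "private-token", "x-api-key"}       # assumption
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """(scheme, host, port) with defaults filled in, so https://h and https://h:443 compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)


def redirect_headers_naive(headers, from_url, to_url):
    """Compares hostnames only and matches header names byte-for-byte."""
    if urlsplit(from_url).hostname == urlsplit(to_url).hostname:
        return dict(headers)
    return {k: v for k, v in headers.items() if k not in ("Authorization", "Cookie")}


def redirect_headers_safe(headers, from_url, to_url):
    """Drop every credential-bearing header (by lower-cased name) unless the origin is unchanged."""
    if origin(from_url) == origin(to_url):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in CREDENTIAL_HEADERS}
```

A downgrade from https to http on the same host also counts as a different origin in the safe version, since the credential would otherwise travel in clear text.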
Snyk | added 4 days ago

Heap-based Buffer Overflow

Overview: json is a JSON implementation as a Ruby extension in C. Affected versions of this package are vulnerable to Heap-based Buffer Overflow via JSON.dump or JSON::State#generate when streaming oversized attacker-controlled strings to an IO object. An attacker can cause a process...

CVSS 6.3 | AI score 5.8 | EPSS 0.00301
Exploits: 0 | References: 2
Snyk | added 4 days ago

Cross-site Scripting (XSS)

Overview: Affected versions of @n8n/n8n-nodes-langchain are vulnerable to Cross-site Scripting (XSS) via the ChatTrigger template rendering in ChatTrigger/templates.ts. An authenticated user who can create or edit workflows can inject malicious JavaScript by supplying crafted Custo...

CVSS 5.4 | AI score 5.7 | EPSS 0.00177
Exploits: 0 | References: 2
Snyk | added 4 days ago

Improper Privilege Management

Overview: thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Improper Privilege Management in the updatePermissions process. An attacker can gain unauthorized administrative privileges by assigning high-value...

CVSS 8.8 | AI score 5.8 | EPSS 0.00325
Exploits: 0 | References: 2
Snyk | added 4 days ago

Improper Privilege Management

Overview: phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Improper Privilege Management in the updatePermissions process. An attacker can gain unauthorized administrative privileges by assigning high-value...

CVSS 8.8 | AI score 5.8 | EPSS 0.00325
Exploits: 0 | References: 2
Snyk | added 4 days ago

Access of Resource Using Incompatible Type ('Type Confusion')

Overview: Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via the worklist server process. An attacker can cause the server to crash by sending a specially crafted query when the server is configured with a valid Called AE Title,...

CVSS 8.7 | AI score 5.8 | EPSS 0.00395
Exploits: 0 | References: 2
Snyk | added 4 days ago

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the bit-preserving C-GET storage mode process. An attacker can write files outside the intended output directory by sending specially crafted relative ../ or absolute file paths from a malicious or compromised...

CVSS 9.8 | AI score 6.5 | EPSS 0.00435
Exploits: 0 | References: 2
Snyk | added 4 days ago

Missing Release of Memory after Effective Lifetime

Overview: Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via repeated crafted connection requests to the process. An attacker can cause memory to be leaked by sending multiple specially crafted requests, which may eventually exhaust system...

CVSS 8.7 | AI score 5.8 | EPSS 0.00379
Exploits: 0 | References: 2
Snyk | added 4 days ago

Missing Release of Memory after Effective Lifetime

Overview: Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the storescp process. An attacker can cause memory to be leaked by repeatedly sending crafted connection requests, which may result in the service being terminated and unavailable f...

CVSS 8.7 | AI score 5.8 | EPSS 0.00379
Exploits: 0 | References: 2
Snyk | added 4 days ago

Arbitrary Code Injection

Overview: txtai is an all-in-one open-source AI framework for semantic search, LLM orchestration and language model workflows. Affected versions of this package are vulnerable to Arbitrary Code Injection via the function parameter in the /reindex API endpoint when it is resolved through the Resolve...

CVSS 9.8 | AI score 6.6 | EPSS 0.00725
Exploits: 0 | References: 2
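This txtai entry and the megatron-bridge "Unsafe Reflection" entry earlier on the page describe the same pattern: a request- or config-supplied dotted name is imported and called, so the caller, not the application, decides what runs. The following is an added example (not txtai's Resolver or megatron-bridge's code) that shows such a resolver beside a registry lookup that only hands out functions the application enumerated; the registry contents are assumptions and os.getcwd is a harmless stand-in for the callables an attacker would pick.

```python
"""Resolving a caller-supplied dotted name to a callable versus looking it up in a registry.

Added illustration, not txtai's Resolver or megatron-bridge's code. REGISTRY and the
pipeline steps are assumptions.
"""
import importlib


def resolve_dotted(name):
    """Import whatever module the string names and fetch the attribute.

    Every importable attribute in the environment is reachable, including os.system,
    and merely importing a module runs its top-level code.
    """
    module_name, _, attr = name.rpartition(".")
    if not module_name:
        raise ValueError("expected module.attribute")
    return getattr(importlib.import_module(module_name), attr)


# Safe variant: the application enumerates the functions a request may select.
def tokenize(text):
    return text.split()


def lowercase(text):
    return text.lower()


REGISTRY = {"tokenize": tokenize, "lowercase": lowercase}   # assumption: the app's own steps


def resolve_registered(name):
    try:
        return REGISTRY[name]
    except KeyError:
        raise ValueError(f"unknown function {name!r}") from None


def run_pipeline(step_names, text, resolver=resolve_registered):
    """Apply the named steps in order; with resolve_registered only REGISTRY members can run."""
    value = text
    for step in step_names:
        value = resolver(step)(value)
    return value


def is_resolvable(name, resolver):
    try:
        resolver(name)
        return True
    except (ValueError, ImportError, AttributeError):
        return False
```

If a dotted-name scheme must be kept for compatibility, the minimum is to resolve against a fixed set of permitted modules and to check the resolved object's __module__ before calling it; a plain registry is simpler to audit.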
Snyk | added 4 days ago

Race Condition

Overview: Affected versions of this package are vulnerable to Race Condition through the payWithCredit process. An attacker can bypass credit balance restrictions by sending concurrent payment requests, resulting in multiple invoices being paid using the same credit balance. Remediation Upgrade...

CVSS 6 | AI score 5.8
Exploits: 0 | References: 2
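The double-spend above is a check-then-act race: each request reads the balance, sees enough credit, and deducts, with nothing stopping both from passing the check first. The following is an added example (not the advisory's payWithCredit code) that reproduces the race deterministically by forcing two threads to rendezvous between the check and the deduction, then shows the fix of doing both inside one critical section.

```python
"""Check-then-deduct across concurrent requests versus an atomic check-and-deduct.

Added illustration, not the advisory's payWithCredit code. A threading.Barrier forces
the two requests to interleave at the worst point (both past the balance check before
either deducts), so the outcome is deterministic rather than left to the scheduler.
"""
import threading


class CreditAccount:
    def __init__(self, balance):
        self.balance = balance
        self.paid_invoices = []
        self.lock = threading.Lock()


def pay_with_credit_racy(acct, invoice_id, amount, rendezvous=None):
    if acct.balance < amount:                  # 1. check, outside any lock
        return False
    if rendezvous is not None:
        rendezvous.wait(timeout=5)             # the other request is here too: both passed the check
    with acct.lock:                            # 2. act: the deduction is atomic, the check was not
        acct.balance -= amount
        acct.paid_invoices.append(invoice_id)
    return True


def pay_with_credit_atomic(acct, invoice_id, amount, rendezvous=None):
    if rendezvous is not None:
        rendezvous.wait(timeout=5)             # both requests arrive at the same moment...
    with acct.lock:                            # ...but check and deduct share one critical section
        if acct.balance < amount:
            return False
        acct.balance -= amount
        acct.paid_invoices.append(invoice_id)
    return True


def run_concurrently(pay_fn, balance=100, amounts=(80, 80)):
    """Start one thread per invoice and report (final balance, invoices paid)."""
    acct = CreditAccount(balance)
    barrier = threading.Barrier(len(amounts))
    threads = [threading.Thread(target=pay_fn, args=(acct, f"inv-{i}", amt, barrier))
               for i, amt in enumerate(amounts)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance, sorted(acct.paid_invoices)
```

Across processes the lock becomes a database-level guard: a row lock held from the balance read to the update, or a single conditional statement such as UPDATE ... SET balance = balance - :amt WHERE id = :id AND balance >= :amt with the affected row count checked.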
Snyk | added 4 days ago

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to path and method values taken directly from incoming requests. An attacker can exhaust server memory and trigger an OOM by sending requests with arbitrary URL paths or custom HT...

CVSS 8.7 | AI score 6.1
Exploits: 0 | References: 2
Snyk | added 4 days ago

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to path and method values taken directly from incoming requests. An attacker can exhaust server memory and trigger an OOM by sending requests with arbitrary URL paths or custom HT...

CVSS 8.7 | AI score 6.1
Exploits: 0 | References: 2
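Both entries above describe per-request state keyed on attacker-controlled strings: if the raw path and method become the key of a counter or metric, every never-seen-before value allocates a new entry and the process grows until it is killed. The following is an added example (not the advisories' package code) that floods a naive collector and a bounded one with the same constructed traffic; the route templates, the method allowlist and the series cap are assumptions.

```python
"""Request metrics keyed on raw method and path versus a bounded label set.

Added illustration, not the advisories' package code. ROUTE_TEMPLATES, KNOWN_METHODS
and MAX_SERIES are assumptions; the traffic in flood() is constructed.
"""
import re
from collections import Counter

KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"}
ROUTE_TEMPLATES = [                        # assumption: the app's route table, used to fold path parameters
    ("/users/{id}", re.compile(r"^/users/[^/]+$")),
    ("/health", re.compile(r"^/health$")),
]
MAX_SERIES = 1000                          # backstop even for labels that ought to be bounded


class NaiveRequestMetrics:
    def __init__(self):
        self.counts = Counter()

    def record(self, method, path):
        self.counts[(method, path)] += 1   # label values straight from the request line

    def series(self):
        return len(self.counts)


class BoundedRequestMetrics:
    def __init__(self):
        self.counts = Counter()
        self.dropped = 0

    @staticmethod
    def route_for(path):
        for template, pattern in ROUTE_TEMPLATES:
            if pattern.match(path):
                return template
        return "UNMATCHED"

    def record(self, method, path):
        key = (method if method in KNOWN_METHODS else "OTHER", self.route_for(path))
        if key not in self.counts and len(self.counts) >= MAX_SERIES:
            self.dropped += 1              # refuse to allocate rather than grow without limit
            return
        self.counts[key] += 1

    def series(self):
        return len(self.counts)


def flood(metrics, n=5000):
    """Constructed traffic: every request carries a never-seen-before path and method."""
    for i in range(n):
        metrics.record(f"M{i}", f"/users/{i}")
        metrics.record("GET", f"/garbage/{i}")
    return metrics.series()
```

The naive collector ends the flood holding ten thousand series; the bounded one holds two, because unknown methods collapse to OTHER, path parameters collapse to their template, and unmatched paths collapse to one bucket.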
Snyk | added 4 days ago

Directory Traversal

Overview: CefSharp.Common is the CefSharp Chromium-based browser component ('Core') and the common ('Element') components, needed by both WPF and WinForms. Affected versions of this package are vulnerable to Directory Traversal in FolderSchemeHandlerFactory through the URI-to-file-path resolution in...

CVSS 6.9 | AI score 6.6
Exploits: 0 | References: 2
Snyk | added 4 days ago

Prototype Pollution

Overview: @adonisjs/bodyparser is the BodyParser middleware for the AdonisJS HTTP server, used to read and parse the request body. Affected versions of this package are vulnerable to Prototype Pollution via the BodyParserMiddleware process. An attacker can modify the Object.prototype globally by sending specially...

CVSS 8.8 | AI score 6.3 | EPSS 0.00148
Exploits: 0 | References: 2
Snyk | added 4 days ago

Open Redirect

Overview: Affected versions of this package are vulnerable to Open Redirect in the saferedirect process. An attacker can redirect users to an external domain by crafting a malicious continue parameter or embedding a malicious URL in a session-transfer token, which can be interpreted by browsers as...

CVSS 5.3 | AI score 6
Exploits: 0 | References: 2
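The phrase "interpreted by browsers as" in that advisory is the crux of open-redirect validation: a value that looks relative to the server can be absolute to the browser ("//evil.example" is scheme-relative, and a backslash is treated as a slash). The following is an added example (not the advisory's saferedirect code) of a validator for a post-login continue target that normalizes those forms before deciding and falls back to a default on anything ambiguous; the allowlist and default are assumptions.

```python
"""Validating a post-login 'continue' target so it can only land on this site, or on an
explicitly allowed https host.

Added illustration, not the advisory's saferedirect code. The default target and the
allowed-host set are assumptions.
"""
from urllib.parse import urlsplit, urlunsplit


def safe_continue(target, default="/", allowed_hosts=frozenset()):
    if not target:
        return default
    if any(ord(ch) < 0x20 or ch.isspace() for ch in target):
        return default                      # control characters and whitespace parse browser-dependently
    normalized = target.replace("\\", "/")  # browsers read "/\evil.example" as "//evil.example"
    parts = urlsplit(normalized)
    if parts.scheme or parts.netloc:
        # absolute or scheme-relative: only https to an explicitly allowed host survives
        host = (parts.hostname or "").lower()
        if parts.scheme.lower() == "https" and host in allowed_hosts:
            return urlunsplit(parts)
        return default
    if not normalized.startswith("/") or normalized.startswith("//"):
        return default                      # "///evil.example" is scheme-relative to a browser too
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))
```

Returning the default rather than an error keeps the login flow working while denying the attacker any influence over the destination; if absolute targets are needed, the allowlist is matched on the parsed hostname, never by string prefix.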