Lucene search
K

35665 matches found

Snyk
Snyk
added 5 days ago4 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the rendering of form field labels and hints within templates due to improper output escaping. An attacker can execute arbitrary JavaScript code in the context of users viewing affected forms b...

5.5CVSS6.3AI score0.00034EPSS
Exploits0References3
Snyk
Snyk
added 5 days ago4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the deletePage process. An attacker can execute arbitrary SQL commands and exfiltrate sensitive data or disrupt database integrity by crafting a malicious page tag, making it non-orphaned through legitimate linking...

8.7CVSS6.3AI score0.00033EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the query or queries filters in public API endpoints. An attacker can access sensitive database information by injecting crafted SQL expressions into numeric filter parameters, allowing them to infer data based on the...

8.7CVSS6.1AI score0.00047EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the verifySignature process. An attacker can cause the server to initiate arbitrary outbound HTTP requests to internal or external hosts by supplying a crafted Signature.keyId header, potentially...

8.3CVSS6.2AI score0.00066EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the verifySignature process due to improper verification of cryptographic signatures when handling the return value of opensslverify. An attacker can gain unauthorized access and perfo...

8.8CVSS6.1AI score0.00022EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the erasespamedcomments process. An attacker can permanently delete arbitrary wiki pages, including critical or administrative pages, by sending crafted POST requests containing a suppr array with targeted page...

9.1CVSS6.2AI score0.00052EPSS
Exploits0References3
Snyk
Snyk
added 5 days ago4 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the period parameter in the recentchanges action when user input is not properly validated before being interpolated into a SQL query. An attacker can access arbitrary database content ...

7.1CVSS6.2AI score0.00044EPSS
Exploits0References3
Snyk
Snyk
added 5 days ago4 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine in the renderFromStringNoEscape process. An attacker can execute arbitrary code on the server by injecting malicious Twig expressions into the semantic template field...

7.1CVSS6.4AI score0.00109EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Avo::AttachmentsControllercreate process. An attacker can modify or replace attachment content, including binary data, filename, and content-type metadata, by directly accessing the upload endpoint and...

7.1CVSS6.1AI score
Exploits0References3
Snyk
Snyk
added 5 days ago3 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the restore process. An attacker can execute arbitrary shell commands as the application user by crafting a malicious backup archive containing specially named files that are processed during restoration. Remediati...

8.6CVSS6.3AI score
Exploits0References3
Snyk
Snyk
added 5 days ago6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to insufficient enforcement of host revocation and operator status during certificate issuance and renewal processes. An attacker can regain valid certificates for blocked or offboarded hosts by re-enrolling or...

7.1CVSS6.1AI score
Exploits0References3
Snyk
Snyk
added 5 days ago6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to insufficient enforcement of host revocation and operator status during certificate issuance and renewal processes. An attacker can regain valid certificates for blocked or offboarded hosts by re-enrolling or...

7.1CVSS6.1AI score
Exploits0References3
Snyk
Snyk
added 5 days ago4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to insufficient enforcement of host revocation and operator status during certificate issuance and renewal processes. An attacker can regain valid certificates for blocked or offboarded hosts by re-enrolling or...

7.1CVSS6.1AI score
Exploits0References3
Snyk
Snyk
added 5 days ago3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to insufficient enforcement of host revocation and operator status during certificate issuance and renewal processes. An attacker can regain valid certificates for blocked or offboarded hosts by re-enrolling or...

7.1CVSS6.1AI score
Exploits0References3
Snyk
Snyk
added 5 days ago0 views

External Control of Assumed-Immutable Web Parameter

Overview ghost is a publishing platform Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter via the donation checkout process. An attacker can obtain full paid gift memberships at a minimal cost by manipulating checkout metadata without...

6.9CVSS6.1AI score0.00257EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Prototype Pollution

Overview @apidevtools/json-schema-ref-parser is a Parse, Resolve, and Dereference JSON Schema $ref pointers Affected versions of this package are vulnerable to Prototype Pollution in the Pointer.set process. An attacker can modify object prototype attributes by supplying crafted input to the...

6.5CVSS7AI score0.00262EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago0 views

Directory Traversal

Overview @mockoon/commons-server is a Mockoon's commons server library. Used in Mockoon desktop application and CLI. Affected versions of this package are vulnerable to Directory Traversal in the getSafeFilePath function in packages/commons-server/src/libs/server/server.ts, which validates the...

7.1CVSS6.5AI score0.0033EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Command Injection

Overview ruflo is a Ruflo - Enterprise AI agent orchestration platform. Deploy 60+ specialized agents in coordinated swarms with self-learning, fault-tolerant consensus, vector memory, and MCP integration Affected versions of this package are vulnerable to Command Injection due to the exposure of...

10CVSS6.3AI score0.00442EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago1 views

Insufficiently Protected Credentials

Overview n8n-core is a Core functionality of n8n Affected versions of this package are vulnerable to Insufficiently Protected Credentials through the HTTP Request V3 pagination expression handling in packages/nodes-base/nodes/HttpRequest/V3/HttpRequestV3.node.ts and...

7.1CVSS6.1AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago1 views

Insufficiently Protected Credentials

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Insufficiently Protected Credentials through the HTTP Request V3 pagination expression handling in packages/nodes-base/nodes/HttpRequest/V3/HttpRequestV3.node.ts and...

7.1CVSS6.1AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop via the HTMLParser process. An attacker can cause excessive CPU consumption and render the system unresponsive by supplying specially crafted, malformed HTML with repeated unterminated markup declarations. Remediation A fi...

8.7CVSS6.1AI score0.00553EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago0 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via workflow credential handling in the workflow API and authentication guard code. An authenticated user with workflow:create permission can save, update, or import a crafted workflow that pollutes Object.prototype,...

8.5CVSS6.4AI score0.00297EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago1 views

Improper Restriction of Communication Channel to Intended Endpoints

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints via the AI Agents MCP verifier in packages/cli/src/modules/agents/builder/agents-builder-tools.service.ts. An attacker can send th...

7.1CVSS6.2AI score0.00263EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago1 views

User Impersonation

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to User Impersonation via the token-exchange identity-resolution service in packages/cli/src/modules/token-exchange/services/identity-resolution.service.ts. An attacker can authenticate as another user...

7.6CVSS6.1AI score0.00143EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Malicious Package

Overview none123s is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago6 views

Malicious Package

Overview txs-builder-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Directory Traversal

Overview mcp-text-editor is a MCP Text Editor Server - Edit text files via MCP protocol Affected versions of this package are vulnerable to Directory Traversal via the validatefilepath function. An attacker can access or modify files outside the intended directory by supplying crafted input to th...

7.5CVSS7AI score0.00347EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago2 views

Cross-site Request Forgery (CSRF)

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the modules/plugins.php process. An attacker can trigger unauthorized plugin installation,...

6.9CVSS6.1AI score0.00013EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago2 views

Arbitrary Code Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection in the actionRenderCardPreview process. An attacker can execute arbitrary PHP code and disclose sensitive information by injecting malicious event handlers into the...

8.6CVSS6.2AI score
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Directory Traversal

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Directory Traversal via the actionIcon process. An attacker can access arbitrary local .svg files by supplying crafted traversal sequences in the extension parameter, allowing disclosure of...

2.5CVSS6.5AI score
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Regular Expression Denial of Service (ReDoS)

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Regular Expression Denial of Service (ReDoS)

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Improper Validation of Specified Quantity in Input

Overview pymonocypher is a Python ctypes bindings to the Monocypher library Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the argon2i32 function when the provided buffer for nbblocks is too small. An attacker can cause memory corruption ...

5.1CVSS6.4AI score
Exploits0References4
Snyk
Snyk
added 5 days ago7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via unsanitized input in the slug field during the export process. An attacker can cause arbitrary files and directories to be created or overwritten outside the intended export directory by submitting specially...

8.6CVSS6.5AI score0.00059EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via unsanitized input in the slug field during the export process. An attacker can cause arbitrary files and directories to be created or overwritten outside the intended export directory by submitting specially...

8.6CVSS6.5AI score0.00059EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the GetNotesByBookID function. An attacker can access metadata of soft-deleted notes belonging to any public book by sending unauthenticated requests with the deleted query parameter set to true. This allows...

6.9CVSS6.1AI score0.00048EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the VALUE regex pattern within the selector parsing process. An attacker can cause excessive CPU consumption and block server threads by submitting specially crafted attribute selectors with...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the compile function. An attacker can cause excessive memory consumption by supplying a large comma-separated selector list, leading to process termination or degraded system...

8.7CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago6 views

External Control of File Name or Path

Overview phantom-audio is an AI audio engineering system -- makes Claude a professional audio engineer Affected versions of this package are vulnerable to External Control of File Name or Path via unconfined tool path handling and lack of input size restrictions. An attacker can write or overwrit...

8.5CVSS6.2AI score
Exploits0References3
Snyk
Snyk
added 5 days ago4 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the DefaultHttpClient process, which follows redirects and forwards sensitive headers such as Authorization, Cookie, and Proxy-Authorization to redirect targets across domain boundaries. An attack...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago6 views

Insufficiently Protected Credentials

Overview io.micronaut:micronaut-http-client is a modern, JVM-based, full stack microservices framework designed for building modular, easily testable microservice applications. Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the DefaultHttpClient proces...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop due to the lack of a maximum redirect count in the process handling HTTP redirections. An attacker can exhaust system resources and cause service disruption by triggering an infinite redirect loop. Remediation Upgrade...

8.7CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Infinite loop

Overview io.micronaut:micronaut-http-client is a modern, JVM-based, full stack microservices framework designed for building modular, easily testable microservice applications. Affected versions of this package are vulnerable to Infinite loop due to the lack of a maximum redirect count in the...

8.7CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 5 days ago6 views

Allocation of Resources Without Limits or Throttling

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the accumulation of Client instances in the clients list within the event management process. An...

7.1CVSS6.1AI score
Exploits0References3
Total number of security vulnerabilities35665