Lucene search
K

35344 matches found

Snyk
Snyk
added 3 days ago3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the importEntry process when attacker-controlled input is passed to unserialize without restricting allowed classes. An attacker can achieve arbitrary code execution by tricking an authenticated admi...

9.6CVSS6.5AI score0.00379EPSS
Exploits0References3
Snyk
Snyk
added 3 days ago3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the deleteUserReaction process. An attacker can access and manipulate sensitive database information by injecting crafted SQL through the idreaction and id URL path parameters as an authenticated user. Remediation...

8.8CVSS6.1AI score0.00034EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper handling of the id parameter in the Bazar widget handler. An attacker can execute arbitrary JavaScript in the victim's browser by crafting a malicious URL that injects attacker-controlled attributes...

6.1CVSS6.2AI score0.00039EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the time parameter in the archived-revision workflow. An attacker can execute arbitrary JavaScript in the victim's browser, steal browser-accessible sensitive data, or perform actions as the victim by tricki...

6.1CVSS6.2AI score0.00031EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago3 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the rendering of form field labels and hints within templates due to improper output escaping. An attacker can execute arbitrary JavaScript code in the context of users viewing affected forms b...

5.5CVSS6.3AI score0.00034EPSS
Exploits0References3
Snyk
Snyk
added 3 days ago3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the deletePage process. An attacker can execute arbitrary SQL commands and exfiltrate sensitive data or disrupt database integrity by crafting a malicious page tag, making it non-orphaned through legitimate linking...

8.7CVSS6.3AI score0.00033EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the query or queries filters in public API endpoints. An attacker can access sensitive database information by injecting crafted SQL expressions into numeric filter parameters, allowing them to infer data based on the...

8.7CVSS6.1AI score0.00047EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the verifySignature process. An attacker can cause the server to initiate arbitrary outbound HTTP requests to internal or external hosts by supplying a crafted Signature.keyId header, potentially...

8.3CVSS6.2AI score0.00066EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the verifySignature process due to improper verification of cryptographic signatures when handling the return value of opensslverify. An attacker can gain unauthorized access and perfo...

8.8CVSS6.1AI score0.00022EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the erasespamedcomments process. An attacker can permanently delete arbitrary wiki pages, including critical or administrative pages, by sending crafted POST requests containing a suppr array with targeted page...

9.1CVSS6.2AI score0.00052EPSS
Exploits0References3
Snyk
Snyk
added 3 days ago3 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the period parameter in the recentchanges action when user input is not properly validated before being interpolated into a SQL query. An attacker can access arbitrary database content ...

7.1CVSS6.2AI score0.00044EPSS
Exploits0References3
Snyk
Snyk
added 3 days ago3 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine in the renderFromStringNoEscape process. An attacker can execute arbitrary code on the server by injecting malicious Twig expressions into the semantic template field...

7.1CVSS6.4AI score0.00109EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the restore process. An attacker can execute arbitrary shell commands as the application user by crafting a malicious backup archive containing specially named files that are processed during restoration. Remediati...

8.6CVSS6.3AI score
Exploits0References3
Snyk
Snyk
added 3 days ago0 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to insufficient enforcement of host revocation and operator status during certificate issuance and renewal processes. An attacker can regain valid certificates for blocked or offboarded hosts by re-enrolling or...

7.1CVSS
Exploits0References3
Snyk
Snyk
added 3 days ago0 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to insufficient enforcement of host revocation and operator status during certificate issuance and renewal processes. An attacker can regain valid certificates for blocked or offboarded hosts by re-enrolling or...

7.1CVSS
Exploits0References3
Snyk
Snyk
added 3 days ago0 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to insufficient enforcement of host revocation and operator status during certificate issuance and renewal processes. An attacker can regain valid certificates for blocked or offboarded hosts by re-enrolling or...

7.1CVSS
Exploits0References3
Snyk
Snyk
added 3 days ago0 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to insufficient enforcement of host revocation and operator status during certificate issuance and renewal processes. An attacker can regain valid certificates for blocked or offboarded hosts by re-enrolling or...

7.1CVSS
Exploits0References3
Snyk
Snyk
added 3 days ago3 views

Malicious Package

Overview none123s is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Malicious Package

Overview txs-builder-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 3 days ago3 views

Directory Traversal

Overview mcp-text-editor is a MCP Text Editor Server - Edit text files via MCP protocol Affected versions of this package are vulnerable to Directory Traversal via the validatefilepath function. An attacker can access or modify files outside the intended directory by supplying crafted input to th...

7.5CVSS7AI score0.00347EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Cross-site Request Forgery (CSRF)

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the modules/plugins.php process. An attacker can trigger unauthorized plugin installation,...

6.9CVSS6.1AI score0.00013EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Arbitrary Code Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection in the actionRenderCardPreview process. An attacker can execute arbitrary PHP code and disclose sensitive information by injecting malicious event handlers into the...

8.6CVSS6.2AI score
Exploits0References2
Snyk
Snyk
added 3 days ago4 views

Directory Traversal

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Directory Traversal via the actionIcon process. An attacker can access arbitrary local .svg files by supplying crafted traversal sequences in the extension parameter, allowing disclosure of...

2.5CVSS6.5AI score
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Improper Validation of Specified Quantity in Input

Overview pymonocypher is a Python ctypes bindings to the Monocypher library Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the argon2i32 function when the provided buffer for nbblocks is too small. An attacker can cause memory corruption ...

5.1CVSS6.4AI score
Exploits0References4
Snyk
Snyk
added 3 days ago5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via unsanitized input in the slug field during the export process. An attacker can cause arbitrary files and directories to be created or overwritten outside the intended export directory by submitting specially...

8.6CVSS6.5AI score0.00059EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via unsanitized input in the slug field during the export process. An attacker can cause arbitrary files and directories to be created or overwritten outside the intended export directory by submitting specially...

8.6CVSS6.5AI score0.00059EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago3 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the GetNotesByBookID function. An attacker can access metadata of soft-deleted notes belonging to any public book by sending unauthenticated requests with the deleted query parameter set to true. This allows...

6.9CVSS6.1AI score0.00048EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the VALUE regex pattern within the selector parsing process. An attacker can cause excessive CPU consumption and block server threads by submitting specially crafted attribute selectors with...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the compile function. An attacker can cause excessive memory consumption by supplying a large comma-separated selector list, leading to process termination or degraded system...

8.7CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 3 days ago3 views

External Control of File Name or Path

Overview phantom-audio is an AI audio engineering system -- makes Claude a professional audio engineer Affected versions of this package are vulnerable to External Control of File Name or Path via unconfined tool path handling and lack of input size restrictions. An attacker can write or overwrit...

8.5CVSS6.2AI score
Exploits0References3
Snyk
Snyk
added 3 days ago3 views

Insufficiently Protected Credentials

Overview io.micronaut:micronaut-http-client is a modern, JVM-based, full stack microservices framework designed for building modular, easily testable microservice applications. Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the DefaultHttpClient proces...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the DefaultHttpClient process, which follows redirects and forwards sensitive headers such as Authorization, Cookie, and Proxy-Authorization to redirect targets across domain boundaries. An attack...

8.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 3 days ago3 views

Infinite loop

Overview io.micronaut:micronaut-http-client is a modern, JVM-based, full stack microservices framework designed for building modular, easily testable microservice applications. Affected versions of this package are vulnerable to Infinite loop due to the lack of a maximum redirect count in the...

8.7CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 3 days ago3 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop due to the lack of a maximum redirect count in the process handling HTTP redirections. An attacker can exhaust system resources and cause service disruption by triggering an infinite redirect loop. Remediation Upgrade...

8.7CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 3 days ago3 views

Allocation of Resources Without Limits or Throttling

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the accumulation of Client instances in the clients list within the event management process. An...

7.1CVSS6.1AI score
Exploits0References3
Snyk
Snyk
added 3 days ago2 views

Server-side Request Forgery (SSRF)

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isglobaladdress function. An attacker can access internal network resources or sensitive endpoints by supplying...

4.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 3 days ago4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to invalid limit option handling in normalizeOptions in lib/utils.js. An attacker can force oversized request bodies through by supplying an application configuration value for...

6.3CVSS6.1AI score0.0025EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago3 views

Malicious Package

Overview nodemon-sudo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 3 days ago3 views

Malicious Package

Overview tslint-conf is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 3 days ago3 views

Malicious Package

Overview rio-design-tokens is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 3 days ago3 views

Malicious Package

Overview n8n-nodes-mcputils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Malicious Package

Overview mchain-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Total number of security vulnerabilities35344