Lucene search
K

35547 matches found

Snyk
Snyk
added 3 days ago1 views

Embedded Malicious Code

Overview jscrambler is a Jscrambler Code Integrity API client. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform infostealer. A malicious actor compromised an npm publishing credential associated with Jscrambler, which allowed the attacker ...

9.8CVSS6.2AI score
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Directory Traversal

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

6.8CVSS6.5AI score0.00147EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Server-side Request Forgery (SSRF)

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Crawl4AI backend process. An attacker can access internal network resources and sensitive informati...

8.5CVSS6.1AI score0.00221EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Information Exposure

Overview praisonai is a PraisonAI TypeScript AI Agents Framework - Node.js, npm, and Javascript AI Agents Framework Affected versions of this package are vulnerable to Information Exposure due to insecure default configuration that binds to all interfaces without requiring an API key and allows...

8.8CVSS6.1AI score0.00322EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Insecure Default Initialization of Resource

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.7CVSS6.1AI score0.0026EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

User Impersonation

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

7.3CVSS6.2AI score0.00246EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago4 views

Arbitrary Code Injection

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Arbitrary Code Injection via the CodeAgent.executepython function. An attacker can execute arbitrary code and exfiltrate environment secrets...

10CVSS6.4AI score0.00544EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago4 views

Directory Traversal

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.9CVSS6.6AI score0.00538EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Missing Authorization

Overview praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects Affected versions of this package are vulnerable to Missing Authorization in the PATCH routes for projects, issues, and agents, where insufficient authorization checks allow a workspace member to...

7.1CVSS6.1AI score0.00256EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Missing Authorization

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

7.1CVSS6.1AI score0.00256EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Arbitrary File Upload

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Arbitrary File Upload in the file upload process when a malformed Content-Type header is supplied and the file extension is...

4.4CVSS6.3AI score0.00245EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Server-side Request Forgery (SSRF)

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request process. An attacker can make arbitrary requests to internal or external syste...

8.8CVSS6.2AI score0.00133EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Cross-site Scripting (XSS)

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper input neutralization during web page generation. An attacker can execute arbitrary script...

6.1CVSS6.2AI score0.0015EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the process of modifying dynamically-determin...

8.8CVSS6.3AI score0.00161EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Open Redirect

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Open Redirect via the URL redirection process. An attacker can redirect users to malicious sites or poison cache by crafting...

5.9CVSS6.1AI score0.00133EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the deserialization process. An attacker can...

10CVSS6.3AI score0.00161EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago4 views

Malicious Package

Overview authvaultx is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 3 days ago4 views

Malicious Package

Overview auth-next-gen is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Incorrect Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization via the printInventory process. An attacker can access inventory and cost/order metadata from modules that should be restricted by leveraging...

5.3CVSS6.1AI score0.00252EPSS
Exploits1References2
Snyk
Snyk
added 4 days ago2 views

Cross-site Scripting (XSS)

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the UploadFileRequest process, which fails to properly sanitize SVG content unless PHP finfo reports image/svg+xml, and the...

8.7CVSS6.2AI score0.00351EPSS
Exploits1References2
Snyk
Snyk
added 4 days ago2 views

Open Redirect

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Open Redirect via the redirect-intended process. An attacker can redirect users to arbitrary external websites by manipulating the Referer header during the user edit flow...

6.1CVSS6.2AI score0.00232EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Cross-site Scripting (XSS)

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the headercolor setting in the branding configuration. An attacker with superadmin privileges can inject arbitrary CSS that impacts authenticate...

8.1CVSS6.1AI score0.00389EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Incorrect Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization in the Importer API endpoint when a user with CSV import capabilities and a valid API key can overwrite the createdby value of an import file. An...

6.9CVSS6.1AI score0.00195EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Authorization Bypass Through User-Controlled Key

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the unaccepted-assets report delete endpoint. An attacker can remove pending checkout acceptance records belonging to...

5.3CVSS6.1AI score0.00248EPSS
Exploits1References2
Snyk
Snyk
added 4 days ago2 views

Directory Traversal

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Directory Traversal via the image field during CSV import. An attacker can delete arbitrary files accessible to the server process by supplying a crafted path traversal stri...

7CVSS6.5AI score0.00378EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

CSV Injection

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to CSV Injection through the postActivityReport process. An attacker can cause arbitrary formula execution in spreadsheet software by injecting a specially crafted User-Agent...

7.3CVSS6.3AI score0.00269EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Incorrect Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization due to improper authorization in the legacy license checkin process. An attacker can reclaim license seats assigned to other users or assets by...

5.3CVSS6.1AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago1 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the MapMessage.asJson method, which emits the bare NaN, Infinity, or -Infinity tokens instead of an RFC 8259-compliant representation. An attacker can emit malformed JSON that corrupts the...

6.3CVSS6.1AI score0.0078EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the ReverseProxy.Rewrite process when the internal authentication token is forwarded to backend services via the x-tsdproxy-auth-token header. An attacker can gain unauthorized management API access and escala...

9.2CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Malicious Package

Overview type-elint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Missing Authentication for Critical Function

Overview clauster is a Self-hosted web UI for spawning and managing Claude Code remote-control bridges on a remote host. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the authentication process. An attacker can gain unauthorized access to the...

8.8CVSS6.2AI score
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview prestashop/psfacetedsearch is a PrestaShop module that adds layered navigation filters. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the getFromCache function. An attacker can...

9.8CVSS6.4AI score0.00092EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Malicious Package

Overview type-plint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Malicious Package

Overview type-atob is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the auto-linking process by email, as the external identity provider does not verify ownership of the email address before linking accounts. An attacker can gain unauthorized access to a victim's local account...

6.3CVSS6.1AI score0.00189EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Missing Authorization

Overview github.com/zitadel/zitadel/internal/api/oidc is a package for identity infrastructure Affected versions of this package are vulnerable to Missing Authorization in the OAuth2 Token Exchange process. An attacker can gain elevated permissions by exchanging a low-privilege token for higher...

8.6CVSS6.1AI score0.00231EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the session process. An attacker can bypass token expiration enforcement by providing a JWT without the exp claim, resulting in tokens from trusted issuers being accepted indefinitely. Remediation...

4.2CVSS6.1AI score0.00167EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Improper Authentication

Overview prowler is a Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI,...

9.6CVSS6.1AI score0.00296EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Incorrect Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization in the BulkUsersController::destroy process. An attacker can gain unauthorized ability to soft-delete other non-admin users by sending a direct POST...

7.1CVSS6.1AI score0.00285EPSS
Exploits1References2
Snyk
Snyk
added 4 days ago2 views

Missing Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Missing Authorization via the cancelbyadmin parameter in the asset request cancellation process. An attacker can cancel pending asset requests for other users by supplying a...

5.3CVSS6.1AI score0.002EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Cross-site Scripting (XSS)

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the markdown-textarea custom field processing. An attacker can execute arbitrary JavaScript in the context of another user by embedding a crafte...

5.4CVSS6.2AI score0.00173EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Incorrect Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization in the API location creation process when both Full Multiple Companies Support and scopelocationsfmcs are enabled. An attacker can create a child...

5.4CVSS6.1AI score0.00197EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Authorization Bypass Through User-Controlled Key

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the assetid field in the API update process. An attacker can gain unauthorized access to assets outside their company...

7.7CVSS6.1AI score0.00218EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago2 views

Authorization Bypass Through User-Controlled Key

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the POST /api/v1/kits/kitid/licenses endpoint. An attacker can gain unauthorized access to and manipulate license object...

5.4CVSS6.1AI score0.00175EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago3 views

Improper Privilege Management

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Improper Privilege Management via the UsersController::update process. An attacker can remove or downgrade another user's administrative or granular permissions by submittin...

7CVSS6.1AI score0.00298EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Authorization Bypass Through User-Controlled Key

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via...

8.8CVSS6.1AI score0.0028EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Relative Path Traversal

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Relative Path Traversal via the displaySig process. An attacker can access arbitrary files outside the intended directory by supplying crafted input to the filename paramete...

7.1CVSS6.2AI score0.00329EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago6 views

Directory Traversal

Overview mcp-atlassian is a The Model Context Protocol MCP Atlassian integration is an open-source implementation that bridges Atlassian products Jira and Confluence with AI language models following Anthropic's MCP specification. This project enables secure, contextual AI interactions with...

7.7CVSS6.5AI score
Exploits0References2
Snyk
Snyk
added 4 days ago9 views

External Control of File Name or Path

Overview mcp-atlassian is a The Model Context Protocol MCP Atlassian integration is an open-source implementation that bridges Atlassian products Jira and Confluence with AI language models following Anthropic's MCP specification. This project enables secure, contextual AI interactions with...

7.7CVSS6.2AI score
Exploits0References3
Snyk
Snyk
added 4 days ago4 views

Protection Mechanism Failure

Overview safeinstall-cli is a Local-first CLI that blocks risky npm, pnpm, and bun installs before they run. Open source. Affected versions of this package are vulnerable to Protection Mechanism Failure through improper shell command parsing in the agent guard. An attacker can execute arbitrary...

8.8CVSS6.3AI score
Exploits0References3
Total number of security vulnerabilities35547