Lucene search
+L

35936 matches found

snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview tinyparrot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the responseReadNamespacesArray function of the Shared Client Library when handling the ServerNamespaceArray argument. An attacker can cause a denial of service by sending specially crafted data that triggers...

3.1CVSS6.1AI score0.00419EPSS
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Insufficient Type Distinction

Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Insufficient Type Distinction via the FileUpload or ImageUpload elements when allowedMimeTypes is configured. An attacker can upload files with arbitrary MIME types by bypassing...

6.3CVSS6.2AI score0.00174EPSS
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview motion-pull is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview nodemon-delog is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview nodemon-plint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Server-side Request Forgery (SSRF)

Overview contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Feed Reader front-end module, which passes RSS feed URLs fr...

3.1CVSS6.2AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Information Exposure

Overview contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Information Exposure via the crawler that tries to prevent confidential HTTP client options from bei...

2.6CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Directory Traversal

Overview contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Directory Traversal due to an authenticated backend user who can access one job can request an...

3.1CVSS6.5AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview @oliviamcdaniel12/safer-buffer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview @sqlite-panel/createsql is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview @sqlite-group/sql-creator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview @sqlite-group/schema-generator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview @sqlite-clone/nodesql is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the ExecTool.Execute function in the exec tool component. An attacker can execute arbitrary operating system commands by providing crafted input to this function. Remediation There is no fixed version for...

5.3CVSS6.4AI score0.00622EPSS
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the ExecTool.Execute function in the exec tool component. An attacker can execute arbitrary operating system commands by providing crafted input to this function. Remediation There is no fixed version for...

5.3CVSS6.4AI score0.00622EPSS
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the ExecTool.Execute function in the exec tool component. An attacker can execute arbitrary operating system commands by providing crafted input to this function. Remediation There is no fixed version for...

5.3CVSS6.4AI score0.00622EPSS
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the GetSkill process in filesystem.go of the Workspace Handler. An attacker can access or modify files by exploiting symbolic link following remotely. Remediation There is no fixed version for...

6.5CVSS6.7AI score0.00288EPSS
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the GetSkill process in filesystem.go of the Workspace Handler. An attacker can access or modify files by exploiting symbolic link following remotely. Remediation There is no fixed version for...

6.5CVSS6.7AI score0.00288EPSS
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the WebTool.Execute function in the web.go file when processing the url argument. An attacker can make unauthorized requests to internal or external systems by supplying crafted URLs. Remediation The...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the WebTool.Execute function in the web.go file when processing the url argument. An attacker can make unauthorized requests to internal or external systems by supplying crafted URLs. Remediation The...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview akshajrawat.utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview @resolvx/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview @tonsdk/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview @aonunited/angular is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview @rockawayx/utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview @cw-ui/asio-neon-themes is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview micro-ui-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview @cw-ui/micro-ui-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview unified-ui-components-library is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview dom-weave is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview humanize-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview relative-time-live is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview clipboard-drop is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview string-morph is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview sync-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview valid-scope is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview sight-bind is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview duration-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview temp-cloak is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview avatar-forge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview class-synth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview @codex2005/logger-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview class-weaver is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview @emcd-vue/loans is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview @emcd-vue/b2b-pay-form is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Malicious Package

Overview @emcd-vue/auth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the bytePlusDownloadVideo function. An attacker can access internal resources or perform unauthorized requests by supplying crafted values to the output.videourl argument. Remediation There is no fix...

6.5CVSS6.7AI score0.00209EPSS
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the writeFile function in the ACP ToolBridge Workspace Handler. An attacker can access or modify files outside the intended directory by supplying crafted path input remotely. Details A Directory Traversal attack...

6.5CVSS7AI score0.00294EPSS
Exploits0References2
snyk
snyk
•added 3 days ago•3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the writeFile function in the ACP ToolBridge Workspace Handler. An attacker can access or modify files outside the intended directory by supplying crafted path input remotely. Details A Directory Traversal attack...

6.5CVSS7AI score0.00294EPSS
Exploits0References2
Total number of security vulnerabilities35936