Lucene search
+L

36346 matches found

Snyk
Snyk
added 2 days ago1 views

Malicious Package

Overview ai-p2p is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2 days ago1 views

Malicious Package

Overview loader1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2 days ago1 views

Malicious Package

Overview websight-p2p is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2 days ago1 views

Malicious Package

Overview websight2-p2p is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2 days ago1 views

Malicious Package

Overview wordpad-text-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2 days ago1 views

Malicious Package

Overview vor8zakon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2 days ago1 views

Malicious Package

Overview claude-token-tracker-mcp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2 days ago1 views

Malicious Package

Overview @sectest429/hello-npm-world is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2 days ago1 views

Malicious Package

Overview field-plus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2 days ago1 views

Malicious Package

Overview nyt-cms is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2 days ago1 views

Malicious Package

Overview n8n-nodes-rce-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Malicious Package

Overview internallibv907 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification through the processing of untrusted .isdocx or .pdf files, where ZIP entries and embedded files are inflated or read without validating their uncompressed size. An attacker...

7.1CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Command Injection

Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection through the checkLinuxDCHPInterfaces function in lib/network.js. An attacker can execute arbitrary commands by supplying a malicious source path in a Lin...

8.7CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parseBaggageHeaders extraction path in dd-trace-core/src/main/java/datadog/trace/core/baggage/BaggagePropagator.java. An attacker can exhaust CPU and memory by sending a...

8.7CVSS5.5AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Server-side Request Forgery (SSRF)

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the region parameter in the POST /api/oauth/kiro/api-key endpoint. An attacker can cause requests to be sent to arbitrary hosts with sensiti...

6.4CVSS5.5AI score0.00171EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Command Injection

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Command Injection via unvalidated arguments passed to the childprocess.spawn function. An attacker can execute arbitrary commands on the host operating system by sending malicio...

8.8CVSS5.9AI score0.00719EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Allocation of Resources Without Limits or Throttling

Overview websocket-driver is a websocket protocol handler with pluggable I/O. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via message compression through the hybi message handling in lib/websocket/driver/hybi.js. An attacker can make a...

8.2CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Improper Handling of Length Parameter Inconsistency

Overview websocket-driver is a websocket protocol handler with pluggable I/O. Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency through the hybi.js WebSocket frame processing in lib/websocket/driver. An attacker can corrupt how the server pars...

9.2CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 3 days ago6 views

Malicious Package

Overview rhynpm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the printallbugpageword.php process. An attacker can execute arbitrary JavaScript in the context of another user by uploading an image attachment with a specially...

8.6CVSS5.2AI score
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Improper Input Validation

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Improper Input Validation via the mcissueupdate process in the SOAP and REST APIs. An attacker can inject unauthorized TIMETRACKING and REMINDER notes by supplying a crafted notetype parameter,...

5.3CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Authorization Bypass Through User-Controlled Key

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the REST and SOAP API update process. An attacker can assign unreleased product versions by sending crafted API requests with insufficient...

5.3CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteWithPathPrefix process. An attacker can access unintended files by deleting a shared directory using a path with a trailing slash, which leaves a stale public share that may expose future content if...

3.1CVSS5.3AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteWithPathPrefix process. An attacker can access unintended files by deleting a shared directory using a path with a trailing slash, which leaves a stale public share that may expose future content if...

3.1CVSS5.3AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Use of Non-Canonical URL Paths for Authorization Decisions

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Use of Non-Canonical URL Paths for Authorization Decisions in the cleanUsername process. An attacker can gain unauthorized access to another user's files by registering a...

9.2CVSS5.3AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Use of Non-Canonical URL Paths for Authorization Decisions

Overview Affected versions of this package are vulnerable to Use of Non-Canonical URL Paths for Authorization Decisions in the cleanUsername process. An attacker can gain unauthorized access to another user's files by registering a username that normalizes to the same home directory as an existin...

9.2CVSS5.3AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Use of Non-Canonical URL Paths for Authorization Decisions

Overview Affected versions of this package are vulnerable to Use of Non-Canonical URL Paths for Authorization Decisions in the cleanUsername process. An attacker can gain unauthorized access to another user's files by registering a username that normalizes to the same home directory as an existin...

9.2CVSS5.3AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Use of Non-Canonical URL Paths for Authorization Decisions

Overview Affected versions of this package are vulnerable to Use of Non-Canonical URL Paths for Authorization Decisions in the cleanUsername process. An attacker can gain unauthorized access to another user's files by registering a username that normalizes to the same home directory as an existin...

9.2CVSS5.3AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Use of Non-Canonical URL Paths for Authorization Decisions

Overview Affected versions of this package are vulnerable to Use of Non-Canonical URL Paths for Authorization Decisions in the cleanUsername process. An attacker can gain unauthorized access to another user's files by registering a username that normalizes to the same home directory as an existin...

9.2CVSS5.3AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Use of Non-Canonical URL Paths for Authorization Decisions

Overview Affected versions of this package are vulnerable to Use of Non-Canonical URL Paths for Authorization Decisions in the cleanUsername process. An attacker can gain unauthorized access to another user's files by registering a username that normalizes to the same home directory as an existin...

9.2CVSS5.3AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Use of Non-Canonical URL Paths for Authorization Decisions

Overview Affected versions of this package are vulnerable to Use of Non-Canonical URL Paths for Authorization Decisions in the cleanUsername process. An attacker can gain unauthorized access to another user's files by registering a username that normalizes to the same home directory as an existin...

9.2CVSS5.3AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Use of Non-Canonical URL Paths for Authorization Decisions

Overview Affected versions of this package are vulnerable to Use of Non-Canonical URL Paths for Authorization Decisions in the cleanUsername process. An attacker can gain unauthorized access to another user's files by registering a username that normalizes to the same home directory as an existin...

9.2CVSS5.3AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Directory Traversal

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Directory Traversal in the archive builder process. An attacker can write files outside the intended extraction directory by uploading a file with a specially crafted...

6.9CVSS6.4AI score0.00259EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the install.php process. An attacker can execute arbitrary scripts in the context of the victim's browser by crafting a malicious URL containing user-supplied...

9.2CVSS5.2AI score
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Allocation of Resources Without Limits or Throttling

Overview ws is a simple to use websocket client, server and console for node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the receiver.js. An attacker can cause memory exhaustion by sending incomplete fragmented WebSocket...

8.7CVSS5.3AI score0.0045EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the printtestresult function in /admin/install.php. An attacker can inject malicious HTML or scripts by supplying crafted parameters, leading to credential phishing...

9.2CVSS4.8AI score
Exploits0References2
Snyk
Snyk
added 3 days ago4 views

Server-side Request Forgery (SSRF)

Overview phanan/koel is a personal audio streaming service. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isPublicHost process. An attacker can access internal resources and retrieve sensitive information by supplying a specially crafted podcast...

5.4CVSS5.3AI score
Exploits0References2
Snyk
Snyk
added 3 days ago4 views

Server-side Request Forgery (SSRF)

Overview phanan/koel is a personal audio streaming service. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the isSafeUrl process. An attacker can access internal network resources and sensitive cloud metadata endpoints by supplying a crafted URL that...

8.8CVSS5.3AI score
Exploits0References2
Snyk
Snyk
added 3 days ago7 views

Malicious Package

Overview fflask is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 3 days ago4 views

Server-side Request Forgery (SSRF)

Overview phanan/koel is a personal audio streaming service. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createPodcastChannel.view endpoint and the PodcastService::getStreamableUrl process. An attacker can cause the backend to make arbitrary HTTP...

8.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 3 days ago4 views

Server-side Request Forgery (SSRF)

Overview phanan/koel is a personal audio streaming service. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the openStream function. An attacker can retrieve sensitive information from internal network resources by supplying a crafted URL to the...

7.7CVSS5.3AI score
Exploits0References2
Snyk
Snyk
added 3 days ago4 views

Server-side Request Forgery (SSRF)

Overview phanan/koel is a personal audio streaming service. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createPodcastChannel.view process. An attacker can cause the server to initiate HTTP requests to internal or private network resources by...

8.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 3 days ago7 views

Missing Authorization

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Missing Authorization via the REST and SOAP API process. An attacker can modify issue statuses without proper authorization by sending crafted API requests that bypass intended access controls...

5.3CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Eval Injection

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Eval Injection in the admconfigset.php process. An attacker can execute arbitrary code by submitting a specially crafted configuration value that defines a class, which is then hoisted and...

8.6CVSS6AI score
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Authorization Bypass Through User-Controlled Key

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the mcichecklogin function in the SOAP API. An attacker can gain unauthorized administrator access by supplying a valid cookiestring and a...

9.8CVSS5.5AI score
Exploits0References3
Snyk
Snyk
added 3 days ago6 views

SQL Injection

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to SQL Injection via the historyorder configuration value in the historyapi.php process. An attacker can execute arbitrary SQL commands by injecting malicious input into the configuration, which i...

8.5CVSS7.2AI score
Exploits0References2
Snyk
Snyk
added 3 days ago5 views

Malicious Package

Overview datefmt-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 3 days ago7 views

Malicious Package

Overview npm-rce-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 3 days ago1 views

Improper Privilege Management

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Improper Privilege Management in the user/add endpoint. An attacker can gain unauthorized administrative privileges by sending a POST request with the...

8.8CVSS5.6AI score0.00246EPSS
Exploits0References2
Total number of security vulnerabilities36346