Lucene search
K

35669 matches found

Snyk
Snyk
•added 5 days ago•4 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop due to the lack of a maximum redirect count in the process handling HTTP redirections. An attacker can exhaust system resources and cause service disruption by triggering an infinite redirect loop. Remediation Upgrade...

8.7CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•5 views

Infinite loop

Overview io.micronaut:micronaut-http-client is a modern, JVM-based, full stack microservices framework designed for building modular, easily testable microservice applications. Affected versions of this package are vulnerable to Infinite loop due to the lack of a maximum redirect count in the...

8.7CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•6 views

Allocation of Resources Without Limits or Throttling

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the accumulation of Client instances in the clients list within the event management process. An...

7.1CVSS6.1AI score
Exploits0References3
Snyk
Snyk
•added 5 days ago•5 views

Server-side Request Forgery (SSRF)

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isglobaladdress function. An attacker can access internal network resources or sensitive endpoints by supplying...

4.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to invalid limit option handling in normalizeOptions in lib/utils.js. An attacker can force oversized request bodies through by supplying an application configuration value for...

6.3CVSS6.1AI score0.0025EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Malicious Package

Overview tslint-conf is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•7 views

Malicious Package

Overview nodemon-sudo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•6 views

Malicious Package

Overview rio-design-tokens is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Malicious Package

Overview n8n-nodes-mcputils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•5 views

Malicious Package

Overview chain-api-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•3 views

Malicious Package

Overview mchain-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•5 views

Malicious Package

Overview airkey-mfa-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•5 views

Malicious Package

Overview gitlens is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•6 views

Malicious Package

Overview fusion-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Malicious Package

Overview bizapi-portal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Malicious Package

Overview security-console-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Malicious Package

Overview qlkube is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•5 views

Malicious Package

Overview breeze-feature-flag-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•7 views

Malicious Package

Overview rabi-snooze-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•10 views

Malicious Package

Overview poc-node-npm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Malicious Package

Overview feedback-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•3 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ActiveDirectoryIdentityProvider process. An attacker can gain elevated permissions in Kubernetes clusters by editing the distinguished name DN of group entries in the Active Directory server's databa...

5.1CVSS6.1AI score0.0017EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•5 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ActiveDirectoryIdentityProvider process. An attacker can gain elevated permissions in Kubernetes clusters by editing the distinguished name DN of group entries in the Active Directory server's databa...

5.1CVSS6.1AI score0.0017EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ActiveDirectoryIdentityProvider process. An attacker can gain elevated permissions in Kubernetes clusters by editing the distinguished name DN of group entries in the Active Directory server's databa...

5.1CVSS6.1AI score0.0017EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•3 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ActiveDirectoryIdentityProvider process. An attacker can gain elevated permissions in Kubernetes clusters by editing the distinguished name DN of group entries in the Active Directory server's databa...

5.1CVSS6.1AI score0.0017EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•5 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ActiveDirectoryIdentityProvider process. An attacker can gain elevated permissions in Kubernetes clusters by editing the distinguished name DN of group entries in the Active Directory server's databa...

5.1CVSS6.1AI score0.0017EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•3 views

Missing Origin Validation in WebSockets

Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the CORSFilter process. An attacker can access sensitive administrative REST endpoints by enticing an authorized user to visit a malicious web page, which then issues cross-origin requests and...

8.7CVSS6.1AI score0.00269EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•3 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the ssh process. An attacker can execute arbitrary commands on the operator's workstation by injecting malicious OpenSSH options when the operator runs non-interactive SSH commands. Remediation Upgrade...

8.3CVSS7.2AI score0.00293EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•5 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the ssh process. An attacker can execute arbitrary commands on the operator's workstation by injecting malicious OpenSSH options when the operator runs non-interactive SSH commands. Remediation There is n...

8.3CVSS7.2AI score0.00293EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the bosh create-env and bosh delete-env processes. An attacker can gain unauthorized access to sensitive credentials and execute arbitrary code with root privileges by performing a man-in-the-middle...

8.9CVSS7.2AI score0.00088EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the bosh create-env and bosh delete-env processes. An attacker can gain unauthorized access to sensitive credentials and execute arbitrary code with root privileges by performing a man-in-the-middle...

8.9CVSS7.2AI score0.00088EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the bosh create-env and bosh delete-env processes. An attacker can gain unauthorized access to sensitive credentials and execute arbitrary code with root privileges by performing a man-in-the-middle...

8.9CVSS7.2AI score0.00088EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•5 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the bosh create-env and bosh delete-env processes. An attacker can gain unauthorized access to sensitive credentials and execute arbitrary code with root privileges by performing a man-in-the-middle...

8.9CVSS7.2AI score0.00088EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Malicious Package

Overview @calm2026/imux is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•3 views

Malicious Package

Overview clavuepro is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Malicious Package

Overview myclaude-code is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•5 views

Malicious Package

Overview calvuepro is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•6 views

Malicious Package

Overview clavue-agent-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•7 views

Malicious Package

Overview clavue is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•3 views

Malicious Package

Overview tailwind-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the user endpoint in the /tequilapi/config API. An attacker can overwrite configuration settings and gain full control of the node by sending a specially crafted POST request. Remediation Upgrade...

7.5CVSS6.1AI score0.00367EPSS
Exploits1References2
Snyk
Snyk
•added 6 days ago•4 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via improper validation of input in the --write-link, --write-url-link,...

9CVSS6.3AI score0.00554EPSS
Exploits0References2
Total number of security vulnerabilities35669