31958 matches found
Integer Underflow (Wrap or Wraparound)
Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Integer Underflow (Wrap or Wraparound)
Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Integer Underflow (Wrap or Wraparound)
Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Integer Underflow (Wrap or Wraparound)
Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Integer Underflow (Wrap or Wraparound)
Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Integer Underflow (Wrap or Wraparound)
Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
Integer Underflow (Wrap or Wraparound)
Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Integer Underflow (Wrap or Wraparound)
Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Integer Underflow (Wrap or Wraparound)
Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Integer Underflow (Wrap or Wraparound)
Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
Integer Underflow (Wrap or Wraparound)
Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Integer Underflow (Wrap or Wraparound)
Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the IPTC encoder. An attacker can access sensitive information or cause a partial denial of service by providing a specially crafted input file that triggers an out-of-bounds read. Remediation A f...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the buildexclusiveurl function. An attacker can redirect requests to an attacker-controlled host while preserving sensitive connection-scoped headers such as Authorization by supplying a...
Malicious Package
Overview citrea-bridge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview citrea-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview citrea-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @zentrafinance/types is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview clementine-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @zentrafinance/sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @zentrafinance/contracts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @zentrafinance/protocol-config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...
Malicious Package
Overview zentra-finance is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview zentra-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Improper Authorization
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Improper Authorization via the mention.json.php process. An attacker can enumerate user information by sending unauthenticated requests that match the required inp...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via unvalidated URL processing in the OAuth2 dynamic client registration process. An attacker can access internal network resources or sensitive information by supplying malicious URLs to be fetched by t...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via unvalidated URL processing in the OAuth2 dynamic client registration process. An attacker can access internal network resources or sensitive information by supplying malicious URLs to be fetched by t...
Insertion of Sensitive Information Into Sent Data
Overview n8n-mcp is an Integration between n8n workflow automation and Model Context Protocol MCP Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the telemetry sanitization process in event-validator.ts. An operator with access to the...
Symlink Attack
Overview apm-cli is a MCP configuration tool Affected versions of this package are vulnerable to Symlink Attack during the integration when symbolic links under certain directories are dereferenced and their target file contents are copied into project deployment directories. An attacker can acce...
Deserialization of Untrusted Data
Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the ROUTER socket which binds to 0.0.0.0 by default and deserializes incoming messages using...
Deserialization of Untrusted Data
Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the --enable-custom-logit-processor option, which allows untrusted Python objects to be...
Directory Traversal
Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Directory Traversal via the upload filename parameter in specific endpoints. An unauthenticated attacker can overwrite or create...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the command update API. An attacker can impersonate existing system or custom commands by editing their own slash command trigger to match an already-registered trigger, potentially hijacking command...
Incorrect Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization via the command update API. An attacker can impersonate existing system or custom commands by editing their own slash...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the command update API. An attacker can impersonate existing system or custom commands by editing their own slash command trigger to match an already-registered trigger, potentially hijacking command...
Incorrect Authorization
Overview github.com/mattermost/mattermost-plugin-playbooks/server/app is a package for reliable and repeatable processes using checklists, automation, and retrospectives Affected versions of this package are vulnerable to Incorrect Authorization via the PUT API endpoint when updating playbooks. A...
Missing Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Missing Authorization via the post rewrite endpoint. An attacker can gain unauthorized access to the content of threads in private channels and...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the post rewrite endpoint. An attacker can gain unauthorized access to the content of threads in private channels and direct messages by sending a crafted request. Remediation Upgrade...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the support packet generation process. An attacker can access sensitive credentials in plaintext by downloading a support packet from the System Console. This is only exploitable if t...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the Slack import process. An attacker can gain unauthorized access to user accounts by obtaining disclosed passwords and impersonating users. Remediation Upgrade...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the Slack import process. An attacker can gain unauthorized access to user accounts by obtaining disclosed passwords and impersonating users. Remediation Upgrade...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Host header when constructing response URLs for custom slash commands. An attacker can redirect responses to a server under their control by sending a specially crafted request with a spoofed Hos...
Insertion of Sensitive Information into Log File
Overview github.com/mattermost/mattermost-plugin-calls/server is a package that enables voice calling and screen sharing functionality in Mattermost channels Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the plugin configuration process. ...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error via the burn-on-read reveal endpoint due to missing validation of the X-Requested-With header. An attacker can force the unauthorized reveal of a burn-on-read message without recipient consent by sending a crafte...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the membership sync process. An attacker can remove users from any channel, including private channels, by sending crafted membership sync messages from a remote cluster that is not authorized to access the...
Incorrect Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization via the membership sync process. An attacker can remove users from any channel, including private channels, by sending...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the group subscription process. An attacker can gain unauthorized access to groups that were not intended to be accessible by creating groups with prefixes matching those of whitelisted groups. Remediation A...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the invite confirmation process due to insufficient validation of the RefreshedToken. An attacker can bypass intended token rotation and reuse an original invite token by sending a crafted invite confirmation...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the error page composition process. An attacker can execute arbitrary JavaScript code in the context of affected users by injecting malicious content into unescaped variables when editing certain site...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the post update and patch API endpoints. An attacker can modify existing posts despite lacking posting privileges by sending crafted API requests. Remediation Upgrade...
Authentication Bypass by Primary Weakness
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the OAuth authorization code redemption process. An attacker can gain unauthorized access to resource...