Lucene search
K

35669 matches found

Snyk
Snyk
added 6 days ago5 views

Allocation of Resources Without Limits or Throttling

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the pop filter, which allocates a full clone of its input array without...

8.7CVSS6.1AI score0.00384EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Authorization

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the queue subscription process. An attacker can gain unauthorized...

7.1CVSS6.1AI score0.00488EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Improper Authorization

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the queue subscription process. An attacker can gain unauthorized...

7.1CVSS6.1AI score0.00488EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

Arbitrary Code Injection

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Arbitrary Code Injection via the createguardrail, updateguardrail, deleteguardrail, and patchguardrail handlers in the guardrails API. An attacker can upload or modify cust...

7.7CVSS6.3AI score0.00288EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Decode function in the wire protocol when processing gzip-compressed messages. An attacker can cause excessive memory allocation and service unavailability by sendin...

8.7CVSS6.1AI score0.00408EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Decode function in the wire protocol when processing gzip-compressed messages. An attacker can cause excessive memory allocation and service unavailability by sendin...

8.7CVSS6.1AI score0.00408EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Decode function in the wire protocol when processing gzip-compressed messages. An attacker can cause excessive memory allocation and service unavailability by sendin...

8.7CVSS6.1AI score0.00408EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

External Control of File Name or Path

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to External Control of File Name or Path via request-supplied OIDC file references through the /health/testconnection handler in litellm/proxy/healthendpoints/healthendpoints....

6.9CVSS6.2AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

Authentication Bypass Using an Alternate Path or Channel

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the OAuth2 passthrough fallback in MCPRequestHandler.processmcprequest in...

8.8CVSS6.1AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago8 views

Directory Traversal

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Directory Traversal via path traversal in the skill archive extraction logic in SkillPromptInjectionHandler and SkillsSandboxExecutor. An authenticated user with access to...

6.8CVSS6.5AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Infinite loop

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Infinite loop in the inline image decoding code in pypdf/generic/imageinline.py. An attacker can hang text extraction or other...

8.7CVSS6.1AI score0.00352EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago2 views

Directory Traversal

Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Directory Traversal via the bin field when it contains .. pa...

7CVSS6.5AI score0.00136EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview httplib2 is a small HTTP client library for Python. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification through the decompressContent function in httplib2/init.py. An attacker can exhaust memory and crash the client by sendin...

7.5CVSS6.1AI score0.00339EPSS
Exploits1References2
Snyk
Snyk
added 6 days ago2 views

Insertion of Sensitive Information into Log File

Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the...

5.7CVSS6.1AI score0.00108EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Infinite loop

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Infinite loop in ContentStream.readinlineimage in pypdf/generic/datastructures.py. An attacker can hang text extraction or any oth...

8.7CVSS6.1AI score0.00345EPSS
Exploits0References3
Snyk
Snyk
added 6 days ago2 views

Directory Traversal

Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Directory Traversal through improper validation of package...

9.6CVSS6.5AI score0.00132EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Incorrect Authorization

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization in the subscribe process. An attacker can gain unauthorized access to...

5.3CVSS6.1AI score0.00367EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Incorrect Authorization

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization in the subscribe process. An attacker can gain unauthorized access t...

5.3CVSS6.1AI score0.00367EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

NULL Pointer Dereference

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to NULL Pointer Dereference via the leafnode handshake process. An attacker can cause the serve...

8.7CVSS6.1AI score0.00732EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

NULL Pointer Dereference

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to NULL Pointer Dereference via the leafnode handshake process. An attacker can cause the server t...

8.7CVSS6.1AI score0.00732EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Incorrect Authorization

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient enforcement of destination permission checks for...

6.5CVSS6.1AI score0.00428EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Incorrect Authorization

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient enforcement of destination permission checks for...

6.5CVSS6.1AI score0.00428EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Improper Authorization

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the subscription authorization process. An attacker can access...

7.1CVSS6.1AI score0.00465EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Authorization

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the subscription authorization process. An attacker can access...

7.1CVSS6.1AI score0.00465EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Incorrect Authorization

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization in the MQTT retained message delivery and QoS1+ durable replay process...

5.3CVSS6.1AI score0.00342EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Incorrect Authorization

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization in the MQTT retained message delivery and QoS1+ durable replay...

5.3CVSS6.1AI score0.00342EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Authentication

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authentication in the parser fast path for inter-server connections, which applies ...

8.8CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Allocation of Resources Without Limits or Throttling

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the MQTT CONNECT packet parser, which...

8.7CVSS6.1AI score0.00732EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Authentication

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authentication in the parser fast path for inter-server connections, which applies a...

8.8CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Allocation of Resources Without Limits or Throttling

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the MQTT CONNECT packet parser, whic...

8.7CVSS6.1AI score0.00732EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the readFileFromDisk function in tool-file-uploads.ts. An attacker can exfiltrate sensitive local files by prompt-injecting tool arguments that point the upload path at credential files such as...

8.9CVSS6.1AI score0.00289EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

Open Redirect

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Open Redirect via the filefetch function in the /gradioapi/file= endpoint. An attacker can redirect users to arbitrary URLs or access internal...

9.3CVSS6.2AI score0.00247EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Injection

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Injection in the MQTT SUBSCRIBE handling, which forwards protocol control characters from...

7.1CVSS6.2AI score0.00439EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Injection

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Injection in the MQTT SUBSCRIBE handling, which forwards protocol control characters from...

7.1CVSS6.2AI score0.00439EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper handling of AuthorizedKeysFile path expansion in the authentication. An attacker can gain unauthorized access to files outside the intended authorized-keys directory by supplying a path containing a...

7.7CVSS6.5AI score0.00285EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Symlink Attack

Overview github.com/hashicorp/nomad/helper/escapingfs is a simple and flexible workload orchestrator to deploy and manage containers docker, podman, non-containerized applications executable, Java, and virtual machines qemu across on-prem and clouds at scale. Nomad is supported on Linux, Windows,...

8.7CVSS6.1AI score0.00316EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the Docker task driver when a job submitter is able to bind-mount a host path into a container despite volume bind mounts being disabled. An attacker can gain unauthorized access to read and write files on the host...

8.7CVSS6.1AI score0.00316EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the scp.py file when handling filenames provided by a remote server. An attacker can overwrite arbitrary files on the client filesystem by sending specially crafted filenames containing directory traversal...

8.4CVSS6.5AI score0.00317EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the dynamic host volumes feature. An attacker can delete a sticky volume claim belonging to a job in another namespace by leveraging host volume delete permissions in a different namespace. Remediation Upgrad...

4.2CVSS6.1AI score0.0016EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Incorrect Authorization

Overview github.com/hashicorp/nomad/nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations. Affected...

4.2CVSS6.1AI score0.0016EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Symlink Attack

Overview github.com/hashicorp/consul-template/template is a template rendering, notifier, and supervisor for @hashicorp Consul and Vault data Affected versions of this package are vulnerable to Symlink Attack via the writeToFile function. An attacker can cause template output to be written outsid...

5.7CVSS6.1AI score0.00105EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Inefficient Algorithmic Complexity

Overview elysia is an Ergonomic Framework for Human Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the getAll function in form data normalization for multipart/form-data endpoints. An attacker can cause excessive CPU consumption by submitting a large...

8.7CVSS6.1AI score0.00358EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the allowprivileged restriction enforcement within the Docker task driver's host namespace mode options. An attacker can access sensitive information from the host or other workloads on the same client by...

7.7CVSS6.1AI score0.00248EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Cross-site Scripting (XSS)

Overview @platejs/media is a Plate Media plugin Affected versions of this package are vulnerable to Cross-site Scripting XSS via the useMediaState file. An attacker can execute arbitrary JavaScript in the context of the victim's browser by crafting a document that sets a trusted video provider...

9.6CVSS6.2AI score0.00241EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Integer Overflow or Wraparound

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the Connz connection monitoring pagination handler, which...

7.7CVSS6.2AI score0.0056EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

Uncaught Exception

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Uncaught Exception in the WebSocket listener routing, which dispatches requests for the...

8.2CVSS6.1AI score0.00593EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Uncaught Exception

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Uncaught Exception in the WebSocket listener routing, which dispatches requests for the...

8.2CVSS6.1AI score0.00593EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Integer Overflow or Wraparound

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the Connz connection monitoring pagination handler, which...

7.7CVSS6.2AI score0.0056EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Incorrect Authorization

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization in the parser path for non-CONNECT initial client operations, which...

5.4CVSS6.1AI score0.00292EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Incorrect Authorization

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization in the parser path for non-CONNECT initial client operations, which...

5.4CVSS6.1AI score0.00292EPSS
Exploits0References2
Total number of security vulnerabilities35669