Lucene search
K

2507 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago9 views

Malicious code in type-plint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37979cc60cff25e26406f3426f0dd7aeac12c13e55402c89f78228080cac0ad9 The package advertises itself as a pino-style logger but its exported middleware spawns lib/caller.js as a detached Node child process. lib/caller.js...

6.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added last week9 views

Malicious code in @vite-js/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 476576198de86a58304788ac79ac3c8ca21b5029d9e824e3ffab41f539146c3b Package @vite-js/ui impersonates the official vite package: package.json declares author 'Evan You', homepage 'https://vitejs.dev', ships an unmodifi...

6.3AI score
Exploits0References2
OSV
OSV
added last week2 views

MAL-2026-7021 Malicious code in @vite-js/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 476576198de86a58304788ac79ac3c8ca21b5029d9e824e3ffab41f539146c3b Package @vite-js/ui impersonates the official vite package: package.json declares author 'Evan You', homepage 'https://vitejs.dev', ships an unmodifi...

6.3AI score
Exploits0References2
NVD
NVD
added last week7 views

CVE-2026-59946

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS0.00136EPSS
Exploits0References5
Cvelist
Cvelist
added last week33 views

CVE-2026-59946 Composer: Path traversal in package bin field lets dependencies chmod arbitrary host files

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS0.00136EPSS
Exploits0References5
Debian CVE
Debian CVE
added last week7 views

CVE-2026-59946

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS5.9AI score0.00136EPSS
Exploits0
CVE
CVE
added last week8 views

CVE-2026-59946

CVE-2026-59946 affects Composer (PHP dependency manager). A bin entry containing trailing .. path segments could resolve outside the package install directory, enabling the binary installation flow to chmod an existing host file to world-readable/world-executable during composer install, update, ...

6.1CVSS5.9AI score0.00136EPSS
Exploits0References5
OSV
OSV
added last week3 views

CVE-2026-59946 Composer: Path traversal in package bin field lets dependencies chmod arbitrary host files

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS6.1AI score0.00136EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56549

Name of the Vulnerable Software and Affected Versions Composer versions prior to 2.2.29 Composer versions prior to 2.10.2 Description A flaw in the binary installation flow allows a package bin entry containing .. path segments to resolve outside the package installation directory. This can lead ...

6.1CVSS6.2AI score0.00136EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/07/06 2:23 p.m.7 views

CVE-2026-55699

A flaw was found in pnpm, a package manager. When a malicious package with specially crafted manifest bin object keys such as "." or ".." is installed globally, subsequent package management operations like removal, update, or replacement could lead to the deletion of critical directories. This...

6.5CVSS5.9AI score0.00286EPSS
Exploits1References4
NVD
NVD
added 2026/07/06 2:16 a.m.9 views

CVE-2026-14788

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function rcorebinload of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and...

7.8CVSS0.00135EPSS
Exploits1References7
OSV
OSV
added 2026/07/06 1:45 a.m.6 views

CVE-2026-14788 radareorg radare2 cfile.c r_core_bin_load use after free

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function rcorebinload of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and...

4.8CVSS5.1AI score0.00135EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-55850

Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description A use after free issue exists in the r core bin load function within the libr/core/cfile.c file. This flaw allows a local attacker to trigger the condition through specific manipulation. Us...

7.8CVSS6.2AI score0.00135EPSS
Exploits1References12
ATTACKERKB
ATTACKERKB
added 2026/07/05 3:15 p.m.8 views

CVE-2026-14759

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...

4.8CVSS6.1AI score0.00153EPSS
Exploits1References7Affected Software1
Nuclei
Nuclei
added 2026/07/03 1:39 p.m.76 views

ZeroShell <= 1.0beta11 Remote Code Execution

ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action. id: CVE-2009-0545 info: name: ZeroShell = 1.0beta11 Remote Code Execution author: geeknik severity: critica...

10CVSS6.2AI score0.90732EPSS
Exploits2References5
OSV
OSV
added 2026/07/02 4:5 p.m.9 views

GHSA-MHQ8-78PJ-5J79 OpenClaw's POSIX node system.run safe-bin allowlist could be widened by shell expansion

Summary On POSIX nodes, OpenClaw's system.run safe-bin checks could approve a command before shell expansion changed how the command was interpreted. A value that appeared to be a safe-bin argument could expand into additional shell words and become a file operand. This issue is limited to paired...

7.1CVSS6.1AI score0.00191EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 6:16 a.m.9 views

CVE-2026-13538

A vulnerability was determined in Wavlink WL-NU516U1-A M16U1V240425. The affected element is the function sub401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...

6.5CVSS0.01306EPSS
Exploits0References10
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:4 a.m.7 views

xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx()

...

7.8CVSS5.8AI score0.00135EPSS
Exploits0
EUVD
EUVD
added 2026/06/26 11:46 p.m.12 views

EUVD-2026-39485

pnpm: Reserved bin name deletes PNPMHOME during global remove...

6.5CVSS5.8AI score0.00286EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/26 2:9 a.m.8 views

SUSE CVE-2026-53239

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrmpolicybyselctx Fix the race by pruning the bin while still holding xfrmpolicylock, before dropping it. Use xfrmpolicyinexactprunebin directly since the lock is already held...

7.8CVSS5.8AI score0.00135EPSS
Exploits0References3
Rows per page
Query Builder