Lucene search
K

59 matches found

Vulnrichment
Vulnrichment
added 2026/01/07 10:30 p.m.2 views

CVE-2025-69262 pnpm vulnerable to Command Injection via environment variable substitution

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Cod...

7.5CVSS7.1AI score0.00949EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.4 views

PT-2026-1939

Name of the Vulnerable Software and Affected Versions pnpm versions 6.25.0 through 10.26.2 Description pnpm is a package manager susceptible to a Command Injection issue when utilizing environment variable substitution within .npmrc configuration files, specifically with tokenHelper settings...

7.8CVSS7.3AI score0.00949EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6053

Malicious code in bioql PyPI...

6.7CVSS6.5AI score0.0037EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/06/16 8:10 p.m.20 views

CVE-2025-32798 Conda-build Allows Arbitrary Code Execution via Malicious Recipe Selectors

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe processing logic has been found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-build uses the eval function to process...

9.2CVSS0.00695EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 4:51 a.m.5 views

CVE-2019-10395

Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties...

5.4CVSS6.1AI score0.00688EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/11/04 12:0 a.m.9 views

Huawei EulerOS: Security Advisory for orc (EulerOS-SA-2024-2790)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7CVSS7.5AI score0.00379EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.17 views

EulerOS 2.0 SP11 : orc (EulerOS-SA-2024-2563)

According to the versions of the orc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially...

7CVSS7.5AI score0.00379EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/08/27 7:36 a.m.5 views

orc: Stack-based buffer overflow vulnerability in ORC

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI buil...

7CVSS6.2AI score0.00379EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/08/13 3:40 p.m.4 views

orc: Stack-based buffer overflow vulnerability in ORC

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI buil...

7CVSS6.2AI score0.00379EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2024/07/26 9:31 p.m.25 views

CVE-2024-40897

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

6.7CVSS6.9AI score0.00379EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/07/26 6:15 a.m.19 views

CVE-2024-40897

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

7CVSS7.2AI score0.00379EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/07/26 4:55 a.m.2 views

ORC vulnerable to stack-based buffer overflow

Overview ORC provided by GStreamer is typically used when developing GStreamer plugins. Stack-based buffer overflow vulnerability CWE-121 exists in orcparse.c of ORC. Yuhei Kawakoya of NTT Security Holdings reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7CVSS7.4AI score0.00379EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2024/04/17 1:10 p.m.390 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

Apache ActiveMQ CVE-2023-46604 CVE-2023-46604 is a widely exp...

10CVSS10AI score0.99654EPSS
Exploits31
Redos
Redos
added 2024/04/10 12:0 a.m.23 views

ROS-20240410-22

Vulnerability of chroot build environment manager for creating RPM packages Mock is related to insufficient validation of the of input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

9.8CVSS7.3AI score0.01552EPSS
Exploits1
Veracode
Veracode
added 2023/08/22 11:14 a.m.27 views

Remote Code Execution (RCE)

org.jenkins-ci.plugins: convert-to-pipeline is vulnerable to Remote Code Execution RCE. The vulnerability exists due to improperly converting the build environment, build steps, and post-build actions of freestyle projects to the corresponding pipeline step invocations via simple string...

9.8CVSS7.9AI score0.00779EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/03/23 11:26 a.m.35 views

CVE-2023-28677

Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted...

9.6AI score0.00779EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/06/01 7:58 p.m.41 views

sharp vulnerable to Command Injection in post-installation over build environment

There's a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their...

6.7CVSS6.5AI score0.0037EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/06/01 7:58 p.m.11 views

GHSA-GP95-PPV5-3JC5 sharp vulnerable to Command Injection in post-installation over build environment

There's a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their...

6.5CVSS6AI score0.0037EPSS
Exploits0References5
Veracode
Veracode
added 2022/05/27 6:31 a.m.20 views

Arbitrary Command Injection

sharp is vulnerable to arbitrary command injection. An attacker is able to set the value of the PKGCONFIGPATH environment variable in a build environment which allows arbitrary command injection at npm install time...

6.7CVSS7.2AI score0.0037EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/05/25 9:20 p.m.39 views

CVE-2022-29256 Possible vulnerability at 'npm install' time in sharp if an attacker has control over build environment

sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKGCONFIGPATH...

6.5CVSS6.7AI score0.0037EPSS
Exploits0References2
Rows per page
Query Builder