
14281 matches found

Nuclei (added yesterday, 50 views)

Vite Dev Server - Path Traversal in Optimized Deps .map Handling

Vite development server versions prior to 8.0.5, 7.3.2, and 6.4.2 are vulnerable to path traversal through the optimized dependencies sourcemap handler. The dev server's handling of .map requests for optimized dependencies resolves file paths via normalizePath(path.resolve(root, url.slice(1))) and call...

CVSS 6.3 | AI score 5.9 | EPSS 0.00914 | Exploits: 1 | References: 3
Cvelist (added last week, 35 views)

CVE-2026-13502 antlr ANTLR4 Maven Plugin GrammarDependencies.java ObjectInputStream.readObject toctou

A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes a time-of-check time-of-use race. The attack is...

CVSS 4.5 | EPSS 0.00091 | Exploits: 0 | References: 5
EUVD (added last week, 7 views)

EUVD-2026-40000

A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes a time-of-check time-of-use race. The attack is...

CVSS 4.5 | AI score 5.2 | EPSS 0.00091 | Exploits: 0 | References: 5
CVE (added last week, 18 views)

CVE-2026-13502

The CVE-2026-13502 entry concerns antlr ANTLR4 up to 4.13.2. It affects the function ObjectInputStream.readObject in the antlr4-maven-plugin's GrammarDependencies.java, indicating a time-of-check time-of-use issue. The attack is restricted to local execution and requires a high degree of complexi...

CVSS 4.5 | AI score 5.2 | EPSS 0.00091 | Exploits: 0 | References: 5
Tenable Nessus (added 2026/06/28 12:00 a.m., 10 views)

Linux Distros Unpatched Vulnerability : CVE-2026-13502

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file...

CVSS 4.5 | AI score 5.1 | EPSS 0.00091 | Exploits: 0 | References: 3
EUVD (added 2026/06/26 11:20 p.m., 6 views)

EUVD-2026-39483

pnpm: Repository-controlled configDependencies can select a pacquet native install engine...

CVSS 7.5 | AI score 5.8 | EPSS 0.00127 | Exploits: 1 | References: 2
Github Security Blog (added 2026/06/26 11:20 p.m., 13 views)

pnpm: Repository-controlled configDependencies can select a pacquet native install engine

Maintainer Action Plan: This report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path. - Advisory: CAND-PNPM-097 / GHSA-gj8w-mvpf-x27x - Advisory URL:...

CVSS 8.8 | AI score 6.1 | EPSS 0.00127 | Exploits: 1 | References: 3 | Affected software: 1
Github Security Blog (added 2026/06/26 9:49 p.m., 6 views)

pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile

Summary: A malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. Details: The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if this server was compromised or a person's...

CVSS 7.5 | AI score 5.8 | EPSS 0.00116 | Exploits: 1 | References: 3 | Affected software: 1
Tenable Nessus (added 2026/06/26 12:00 a.m., 7 views)

SUSE SLES15 Security Update : google-guest-agent (SUSE-SU-2026:2612-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2612-1 advisory. This update for google-guest-agent fixes the following issues. Security issues: - CVE-2026-39821: Update golang.org/x/net/idna...

CVSS 10 | AI score 7 | EPSS 0.91969 | Exploits: 4 | References: 60
Cvelist (added 2026/06/25 9:41 p.m., 18 views)

CVE-2021-47987 Parse Server - Arbitrary Code Execution via Malicious Version Tags

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository, pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...

CVSS 7.7 | EPSS 0.0012 | Exploits: 0 | References: 2
CVE (added 2026/06/25 9:41 p.m., 10 views)

CVE-2021-47987

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository, pointing to an unreviewed personal fork with write access. No releases were published with these tags; a project exposing a vulnerability would require a git-...

CVSS 7.7 | AI score 5.9 | EPSS 0.0012 | Exploits: 0 | References: 2
NVD (added 2026/06/25 6:16 p.m., 7 views)

CVE-2026-55697

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency ...

CVSS 8.8 | EPSS 0.00127 | Exploits: 1 | References: 1
NVD (added 2026/06/25 6:16 p.m., 8 views)

CVE-2026-48995

pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if thi...

CVSS 7.5 | EPSS 0.00116 | Exploits: 1 | References: 1
CVE (added 2026/06/25 4:58 p.m., 24 views)

CVE-2026-48995

CVE-2026-48995 affects pnpm, a package manager. Prior to versions 10.33.4 and 11.0.7, a malicious codeload.github.com server could serve arbitrary tarballs and pnpm would install them regardless of the lockfile because the tarball hash is not stored in the lockfile. This could enable tampering of...

CVSS 7.5 | AI score 5.9 | EPSS 0.00116 | Exploits: 1 | References: 1 | Affected software: 1
Cvelist (added 2026/06/25 4:42 p.m., 27 views)

CVE-2026-55697 pnpm: Repository-controlled configDependencies can select a pacquet native install engine

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency ...

CVSS 7.5 | EPSS 0.00127 | Exploits: 1 | References: 1
CVE (added 2026/06/25 4:42 p.m., 10 views)

CVE-2026-55697

pnpm is vulnerable prior to 10.34.2 and 11.5.3: repository-controlled configDependencies in pnpm-workspace.yaml could cause pnpm to install a repository-controlled install engine (pacquet) by resolving a platform-specific @pacquet/-/pacquet binary from node_modules/.pnpm-config and spawning it as...

CVSS 8.8 | AI score 5.9 | EPSS 0.00127 | Exploits: 1 | References: 1 | Affected software: 1
ATTACKERKB (added 2026/06/25 4:42 p.m., 22 views)

CVE-2026-55697

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency ...

CVSS 7.5 | AI score 5.9 | EPSS 0.00127 | Exploits: 1 | References: 2 | Affected software: 1
Positive Technologies (added 2026/06/25 12:00 a.m., 12 views)

PT-2026-52522

Name of the vulnerable software and affected versions: pnpm versions prior to 10.34.2; pnpm versions prior to 11.5.3. Description: pnpm allows the installation of configDependencies declared in pnpm-workspace.yaml before command dispatch. A repository can declare pacquet or @pnpm/pacquet as a config...

CVSS 8.8 | AI score 5.8 | EPSS 0.00127 | Exploits: 1 | References: 9
OSV (added 2026/06/24 2:00 p.m., 2 views)

UBUNTU-CVE-2026-10536

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPT_STREAM_DEPENDS or CURLOPT_STREAM_DEPENDS_E, subsequently invokes curl_easy_reset, and finally terminates the handle with curl_easy_cleanup. During this final cleanup phase, libcurl...

AI score 5.9 | EPSS 0.00206 | Exploits: 0 | References: 3
OSV (added 2026/06/24 9:01 a.m., 2 views)

SUSE-SU-2026:2612-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues. Security issues: - CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. - CVE-2026-39827: Update golang.org/x/crypto dependency bsc1266171. - CVE-2026-39828: Update golang.org/x/crypto dependency bsc1266171. -...

CVSS 10 | AI score 6.9 | EPSS 0.91969 | Exploits: 4 | References: 38