Lucene search
+L

9877 matches found

EUVD
EUVD
added 2026/06/26 11:46 p.m.14 views

EUVD-2026-39485

pnpm: Reserved bin name deletes PNPMHOME during global remove...

6.5CVSS5.8AI score0.00286EPSS
Exploits1References2
OSV
OSV
added 2026/06/26 8:30 p.m.3 views

GHSA-GM7F-V959-FR2G Fleet DM Vulnerable to Cross-Team Policy Data Exposure via Global Policy Read Endpoint

Summary The global policy read endpoint GET /api/latest/fleet/policies/policyid performs authorization against an empty fleet.Policy struct with nil TeamID, then fetches any policy by ID from the database without verifying the fetched policy actually belongs to the global scope. This allows a use...

4.3CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 8:30 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the GetPolicyByIDQueries process. An attacker can access policy data belonging to other teams by sending requests to the global policy read endpoint with valid credentials for any team, thereby bypassing...

5.3CVSS6AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 8:23 p.m.6 views

Security Bulletin: Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem

Summary The voice mode subsystem src/backend/base/langflow/api/v1/voicemode.py contains two critical vulnerabilities that enable cross-tenant API key reuse and billing fraud. The first vulnerability involves a process-global ElevenLabs client singleton that caches the first user's API key and...

9.6CVSS5.8AI score0.00201EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/26 2:12 a.m.13 views

SUSE CVE-2026-53141

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix global performance monitor reference counting In the SETGLOBAL ioctl, v3dperfmonfind bumps the reference count on the perfmon it returns, but v3dperfmonsetglobalioctl and v3dperfmondelete fail to release that referen...

5.8AI score0.00121EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-53001

Name of the Vulnerable Software and Affected Versions Fleet DM affected versions not specified Description An issue exists in the global policy read endpoint GET /api/latest/fleet/policies/policy id where authorization is performed against an empty structure with a nil TeamID. This allows the...

4.3CVSS6AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/25 10:18 p.m.12 views

golang.org/x/crypto: Invoking client can cause server deadlock on unexpected responses

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

9.1CVSS6AI score0.00533EPSS
Exploits0References40Affected Software1
EUVD
EUVD
added 2026/06/25 10:18 p.m.11 views

EUVD-2026-31397

golang.org/x/crypto/ssh: Invoking client can cause server deadlock on unexpected responses...

9.1CVSS5.8AI score0.00533EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 8:32 p.m.9 views

Malicious code in typedecode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 593662d3b4cda901642b713f419417807a33f3dca74e818f66e8d0cf9ebcf6e3 On require'typedecode' / import 'typedecode', the bundled dist/index.cjs and dist/index.js execute an obfuscated import-time payload. A bootstrap.js...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/06/25 8:32 p.m.8 views

MAL-2026-6476 Malicious code in typedecode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 593662d3b4cda901642b713f419417807a33f3dca74e818f66e8d0cf9ebcf6e3 On require'typedecode' / import 'typedecode', the bundled dist/index.cjs and dist/index.js execute an obfuscated import-time payload. A bootstrap.js...

6.1AI score
Exploits0References4
NVD
NVD
added 2026/06/25 6:16 p.m.12 views

CVE-2026-55699

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest a...

6.5CVSS0.00286EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/25 4:44 p.m.24 views

CVE-2026-55699 pnpm: reserved bin name deletes PNPM_HOME during global remove

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest a...

6.5CVSS0.00286EPSS
Exploits1References1
OSV
OSV
added 2026/06/25 4:44 p.m.3 views

CVE-2026-55699 pnpm: reserved bin name deletes PNPM_HOME during global remove

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest a...

6.5CVSS5.9AI score0.00286EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:44 p.m.5 views

CVE-2026-55699

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest a...

6.5CVSS5.9AI score0.00286EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/25 4:44 p.m.24 views

CVE-2026-55699

CVE-2026-55699 affects pnpm. Prior to versions 10.34.2 and 11.5.3, manifest bin object keys such as "", ".", and ".." could bypass the bin-name guard. In a scenario where a malicious global package is installed, downstream global remove/update/add-replacement flows could re-derive those names and...

6.5CVSS5.9AI score0.00286EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/25 4:3 p.m.3 views

CVE-2026-55413 ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...

9.4CVSS6.1AI score0.00256EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 2:16 p.m.10 views

CVE-2026-4526

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS0.00249EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 1:32 p.m.19 views

CVE-2026-4526

EmberZNet v9.0.2 and earlier has a vulnerability in the global ZCL command parser due to missing minimum-length validation, which can cause out-of-bounds reads in the framework parsing logic and terminate the process. The issue requires messages to originate from a device that has already joined ...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/25 11:55 a.m.4 views

SUSE-SU-2026:2631-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed wo...

9.8CVSS6.7AI score0.0053EPSS
Exploits1References45
NVD
NVD
added 2026/06/25 9:16 a.m.10 views

CVE-2026-53141

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix global performance monitor reference counting In the SETGLOBAL ioctl, v3dperfmonfind bumps the reference count on the perfmon it returns, but v3dperfmonsetglobalioctl and v3dperfmondelete fail to release that referen...

5.5CVSS0.00121EPSS
Exploits0References3
Rows per page
Query Builder