Lucene search
K

169 matches found

RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-55180

A flaw was found in pnpm and pacquet. A malicious repository could exploit this vulnerability by crafting specific .npmrc or pnpm-workspace.yaml files. When these package managers process these files, they improperly expand environment variable placeholders, leading to the disclosure of sensitive...

6.5CVSS5.8AI score0.00212EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-55697

A flaw was found in pnpm, a package manager. A remote attacker could exploit this vulnerability by crafting a malicious repository that declares a configDependency in its pnpm-workspace.yaml file. When a user installs packages from this repository, pnpm improperly treats the declared dependency a...

8.8CVSS6.6AI score0.00127EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 6 days ago9 views

Linux Distros Unpatched Vulnerability : CVE-2026-44941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A relative path traversal in the keyhint option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository ...

8.8CVSS6AI score0.00533EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.6 views

Anthropic Claude Code 2.1.38 < 2.1.163 Sandbox Escape (CVE-2026-55607)

The version of Anthropic Claude Code installed on the remote host is 2.1.38 prior to 2.1.163. It is, therefore, affected by a sandbox escape vulnerability: - Claude Code's worktree handling allowed creation of worktrees named '.git' and navigation to worktrees outside the sandbox context, enablin...

8.8CVSS6.4AI score0.00765EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 4:16 p.m.3 views

DEBIAN-CVE-2026-44941

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...

8.8CVSS5.9AI score0.00533EPSS
Exploits1References1
NVD
NVD
added 2026/07/02 4:16 p.m.7 views

CVE-2026-44941

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...

8.8CVSS0.00533EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/07/02 3:19 p.m.40 views

CVE-2026-44941 libzypp path traversal via "keyhint" in repomd.xml

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...

8.4CVSS0.00533EPSS
Exploits1References2
EUVD
EUVD
added 2026/07/02 3:19 p.m.7 views

EUVD-2026-41406

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...

8.4CVSS5.8AI score0.00533EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 3:19 p.m.6 views

CVE-2026-44941

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...

8.4CVSS5.8AI score0.00533EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/07/02 3:19 p.m.11 views

CVE-2026-44941 libzypp path traversal via "keyhint" in repomd.xml

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...

8.4CVSS5.8AI score0.00533EPSS
Exploits1References2
CVE
CVE
added 2026/07/02 3:19 p.m.48 views

CVE-2026-44941

CVE-2026-44941: libzypp path traversal via the keyhint option in repomd.xml parsing was fixed in libzypp 17.38.13. The issue allowed a malicious repository to inject/overwrite files as root due to treating keyhint as a path. The remediation is to upgrade libzypp components (and related libsolv/li...

8.8CVSS5.8AI score0.00533EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/07/02 3:19 p.m.5 views

CVE-2026-44941

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...

8.8CVSS5.9AI score0.00533EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/30 8:20 p.m.10 views

CVE-2026-55607

A flaw was found in Claude Code, an agentic coding tool, in its handling of worktrees. This vulnerability allowed the creation of specially named worktrees and navigation outside of the intended secure environment, leading to what is known as a 'git directory confusion attack'. By manipulating...

8.8CVSS6.1AI score0.00765EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 2:4 p.m.7 views

EUVD-2026-40117

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor...

7.7CVSS6.3AI score0.00765EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 11:34 p.m.9 views

EUVD-2026-39484

pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes...

8.8CVSS5.8AI score0.00193EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/25 4:43 p.m.31 views

CVE-2026-55698 pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml. Before the patch, direct pnpm execution trusted an already resolved packageManagerDependencies entry when the committed env lockfile contained...

8.8CVSS0.00193EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/18 2:35 p.m.25 views

CVE-2026-44691

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

8.4CVSS0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 2:35 p.m.11 views

CVE-2026-44691

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

8.4CVSS5.7AI score0.00231EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 2:35 p.m.26 views

CVE-2026-44691

CVE-2026-44691 affects Eclipse Theia versions before 1.69.0. The issue arises when custom task definitions in workspace files (e.g., .theia/tasks.json, .vscode/tasks.json) can be executed without workspace trust, potentially enabling arbitrary commands to run with the user’s privileges if a malic...

8.8CVSS5.8AI score0.00231EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.21 views

PT-2026-50690

Name of the Vulnerable Software and Affected Versions Eclipse Theia versions prior to 1.69.0 Description Custom task definitions in workspace files, such as .theia/tasks.json and .vscode/tasks.json, can be executed without requiring workspace trust. This allows an attacker to create a malicious...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References9
Rows per page
Query Builder