120 matches found
CVE-2026-50015
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline @pnpm/patch-package performs no path validation on file paths extracted from .patch files. An attacker who contributes a malicious patch file via a pull request can write attacker-controlled content to or...
CVE-2026-50015
CVE-2026-50015 affects the pnpm package manager via its patch application pipeline (@pnpm/patch-package). The vulnerability arises because, prior to 10.34.0 and 11.4.0, patch file diff headers can contain traversals like ../../, and the pipeline performs no path validation on file paths extracted...
EUVD-2026-39492
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline @pnpm/patch-package performs no path validation on file paths extracted from .patch files. An attacker who contributes a malicious patch file via a pull request can write attacker-controlled content to or...
CVE-2026-50015 pnpm: Arbitrary File Write/Delete via Malicious Patch File (Path Traversal)
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline @pnpm/patch-package performs no path validation on file paths extracted from .patch files. An attacker who contributes a malicious patch file via a pull request can write attacker-controlled content to or...
CVE-2026-39199
The CVE-2026-39199 entry affects snes9x 1.63 and describes an out-of-bounds write that leads to a denial of service when processing a crafted .ups patch file. The vulnerability is tied to the emulator’s handling of UP.patch data, causing a crash (DoS) when a malicious or malformed patch is loaded...
SUSE-SU-2026:1519-1 Security update 5.1.3 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Internal changes to fix build issues with no impact for customers spacecmd: - Version 5.1.13-0 Updated translation strings uyuni-tools: - Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc1252548 Ssl Key...
CVE-2025-63910
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...
CVE-2025-63910
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...
CVE-2025-63910
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...
Cohesity TranZman 安全漏洞
Cohesity TranZman is a data migration and recovery software developed by Cohesity Corporation. Version 4.0 Build 14614 of Cohesity TranZman contains a security vulnerability. This vulnerability arises from the upload of any file with authenticated access, potentially allowing attackers with...
CVE-2025-63910
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...
CLSA-2026-1770909956 Fix CVE(s): CVE-2026-23876
SECURITY UPDATE: out of bounds write vulnerability in XBM decoder - debian/patches/CVE-2026-23876.patch: add overflow checks to prevent out of bounds write in coders/xbm.c - CVE-2026-23876...
CVE-2026-25143 melange affected by potential host command execution via license-check YAML mode patch pipeline
melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...
CLSA-2026-1770040871 Fix CVE(s): CVE-2023-4781
Fix CVE-2023-4781.patch - debian/patches/CVE-2023-4781.patch: patch winexchange instead of winrotate...
CLSA-2026-1768989383 Fix CVE(s): CVE-2025-68973
SECURITY UPDATE: Possible memory corruption in the armor parser - debian/patches/CVE-2025-68973.patch: fix faulty double increment - CVE-2025-68973...
CLSA-2026-1768300849 Fix CVE(s): CVE-2024-50349
SECURITY UPDATE: improper encoding or escaping of credential handling - debian/patches/CVE-2024-50349.patch: fix ANSI escape sequence vulnerability that occurs when asking for credentials interactively - CVE-2024-50349...
CLSA-2026-1768224866 Fix CVE(s): CVE-2025-58436
SECURITY UPDATE: Possible DoS attack caused by a slow client communication - debian/patches/CVE-2025-58436.patch: fix unresponsive cupsd process caused by a slow client - CVE-2025-58436...
Exploit for CVE-2025-56800
CVE-2025-56800 Local Authentication Bypass Vulnerability i...
EUVD-2019-11172
Malware in sbrugna...
EUVD-2020-25189
Malware in sbrugna...