Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.12 views

CVE-2026-44225

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS5.9AI score0.01102EPSS
Exploits2References1
NVD
NVD
added 2026/05/12 8:16 p.m.10 views

CVE-2026-44225

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS0.01102EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/05/12 8:2 p.m.33 views

CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS0.01102EPSS
Exploits2References1
EUVD
EUVD
added 2026/05/12 8:2 p.m.14 views

EUVD-2026-29801

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS5.9AI score0.01102EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/05/12 8:2 p.m.11 views

CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS5.9AI score0.01102EPSS
Exploits2References1
CVE
CVE
added 2026/05/12 8:2 p.m.24 views

CVE-2026-44225

CVE-2026-44225 (Pulpy) : The vulnerability affects Pulpy, a cross-platform desktop app packager for web apps. Before version 0.1.1, Pulpy injects a pulpy.fs JavaScript API into packaged web apps and the intended sandbox via validateFsPath() is incomplete, allowing a web app to read and write arbi...

9.3CVSS5.9AI score0.01102EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:2 p.m.6 views

CVE-2026-44225

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS5.9AI score0.01102EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Pulpy 路径遍历漏洞

Pulpy is a lightweight tool developed by Enes Gökkaya that converts web applications into desktop applications. Versions of Pulpy prior to 0.1.1 contained a path traversal vulnerability. This vulnerability stemmed from an incomplete blacklist for the validateFsPath function, which could lead to...

9.3CVSS5.9AI score0.01102EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40423

Name of the Vulnerable Software and Affected Versions Pulpy versions prior to 0.1.1 Description Pulpy injects a pulpy.fs JavaScript API into packaged web applications to provide host filesystem access. The validateFsPath function, intended to sandbox this access, contains an incomplete blocklist...

9.3CVSS5.9AI score0.01102EPSS
Exploits2References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in test-mlw2-meris-pulpy (npm)

The package test-mlw2-meris-pulpy was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-35769 Malicious code in test-mlw2-meris-pulpy (npm)

The package test-mlw2-meris-pulpy was found to contain malicious code...

7.2AI score
Exploits0
Rows per page
Query Builder