Lucene search
+L

10 matches found

SUSE CVE
SUSE CVE
added 2026/04/17 12:1 p.m.7 views

SUSE CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

7.8CVSS6.1AI score0.01688EPSS
Exploits2References6
Cvelist
Cvelist
added 2026/04/15 8:56 p.m.21 views

CVE-2026-40261 Composer has Command Injection via Malicious Perforce Reference

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

8.8CVSS0.01688EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2026/04/14 8:1 p.m.11 views

Composer has a command injection via malicious perforce reference

Impact The Perforce::syncCodeBase method appended the $sourceReference parameter to a shell command without proper escaping, allowing an attacker to inject arbitrary commands through a crafted source reference containing shell metacharacters. Further as in GHSA-wg36-wvj6-r67p / CVE-2026-40176 the...

8.8CVSS6.3AI score0.01688EPSS
Exploits4References5Affected Software1
Snyk
Snyk
added 2026/04/14 8:1 p.m.7 views

Command Injection

Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Command Injection via the Perforce::syncCodeBase and...

8.8CVSS6.3AI score0.01688EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/12/24 6:18 p.m.7 views

CVE-2025-14928

A flaw was found in the Hugging Face Transformers library. The convertconfig function fails to validate a user-supplied string before using it to execute Python code. An attacker can exploit this flaw by providing a malicious HuBERT model checkpoint, causing arbitrary code execution in the contex...

8.8CVSS8AI score0.00278EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-0069

Malicious code in bioql PyPI...

7.4CVSS9.2AI score0.03148EPSS
Exploits0References10
NVD
NVD
added 2025/01/14 7:15 p.m.29 views

CVE-2024-50338

Git Credential Manager GCM is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...

7.4CVSS0.03148EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/01/14 6:11 p.m.18 views

CVE-2024-50338 Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credential Manager

Git Credential Manager GCM is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...

7.4CVSS6.8AI score0.03148EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.4 views

SUSE CVE-2009-1358

apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories...

10CVSS7.2AI score0.04396EPSS
Exploits0References3
OSV
OSV
added 2021/05/19 2:15 p.m.5 views

UBUNTU-CVE-2021-3421

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This...

5.5CVSS6.7AI score0.00701EPSS
Exploits0References4
Rows per page
Query Builder