Linux Distros Unpatched Vulnerability : CVE-2026-40176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the...

Command injection via malicious Perforce repository definition

Impact The Perforce::generateP4Command method constructed shell commands by interpolating user-supplied Perforce connection parameters port, user, client without proper escaping. An attacker controlling a repository configuration in a malicious composer.json declaring a Perforce VCS repository...

CVE-2021-31897

In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects...

CVE-2025-68269

In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH...

CVE-2025-68269

In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH...

EUVD-2025-203761

In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH...

CVE-2025-68269

JetBrains IntelliJ IDEA is affected when running versions prior to 2025.3, where a missing confirmation allows opening untrusted remote projects over SSH, constituting a remote project trust bypass vulnerability (CVE-2025-68269). The issue is described as a vulnerability in the IDE’s handling of ...

CVE-2025-64726

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions separate from installers prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...

CVE-2025-64726

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions separate from installers prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...

EUVD-2025-175357

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions separate from installers prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...

CVE-2025-64726 External Control of System or Configuration Setting and Uncontrolled Search Path Element in sfw

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions separate from installers prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...

CVE-2025-64726 External Control of System or Configuration Setting and Uncontrolled Search Path Element in sfw

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions separate from installers prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...

PT-2025-46904

Name of the Vulnerable Software and Affected Versions Socket Firewall versions prior to 0.15.5 Description Socket Firewall is an HTTP/HTTPS proxy server designed to enforce security policies by blocking dangerous packages. Versions of Socket Firewall prior to 0.15.5 are susceptible to arbitrary...

EUVD-2021-18772

Malware in sbrugna...

EUVD-2021-24104

Malware in sbrugna...

CVE-2021-37543

In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects...

OS Command Injection

snyk-gradle-plugin is vulnerable to OS Command Injection. The vulnerability is due to the Snyk CLI's failure to correctly sanitize or validate the current working directory name, allowing for potential code injection when running scans on untrusted projects...

OS Command Injection in Snyk gradle plugin

The Snyk gradle plugin is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects...

GHSA-69F9-H8F9-7VJF OS Command Injection in Snyk php plugin

The Snyk php plugin is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects...

Code Injection

Overview snyk-gradle-plugin is a plugin for the Snyk CLI tool, providing dependency metadata for Gradle projects. Affected versions of this package are vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrust...