
8 matches found

EUVD
added 5 days ago, 8 views

EUVD-2026-39481

pnpm: Manifest identity spoof satisfies allowBuilds and runs attacker lifecycle...

7.5 CVSS, 5.8 AI score, 0.00118 EPSS
Exploits: 1, References: 5
CVE
added 6 days ago, 11 views

CVE-2026-55487

CVE-2026-55487 affects pnpm. Prior to versions 10.34.2 and 11.5.3, the generic peer-suffix normalizer could strip parenthesized text from git, URL, tarball, file, and other opaque locators, allowing approval for one source string to authorize an attacker-controlled source whose locator normalizes...

8.8 CVSS, 5.9 AI score, 0.00118 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 6 days ago, 26 views

CVE-2026-55487 pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator...

7.5 CVSS, 0.00118 EPSS
Exploits: 1, References: 1
CNNVD
added 2026/02/18 12:0 a.m., 7 views

MajorDoMo security vulnerability

MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a security vulnerability in MajorDoMo. This vulnerability stems from the saverestore module, which exposes its admin method through the /objects/?module=saverestore endpoint without...

9.8 CVSS, 6.2 AI score, 0.01086 EPSS
Exploits: 4, References: 3
RedhatCVE
added 2026/01/02 6:37 p.m., 5 views

CVE-2025-68619

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugi...

8.6 CVSS, 7.7 AI score, 0.00645 EPSS
Exploits: 1, References: 1
NVD
added 2021/07/21 6:15 p.m., 12 views

CVE-2021-34816

An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...

7.2 CVSS, 0.02229 EPSS
Exploits: 1, References: 2
Prion
added 2021/07/21 6:15 p.m., 13 views

Sql injection

An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...

6.5 CVSS, 7.3 AI score, 0.02229 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2021/07/21 6:2 p.m., 22 views

CVE-2021-34816

An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...

7.5 AI score, 0.02229 EPSS
Exploits: 1, References: 2