Lucene search
K

2270 matches found

NVD
NVD
added 2026/06/25 6:16 p.m.8 views

CVE-2026-50016

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. As a result, a registry package can...

8.8CVSS0.00326EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 5:17 p.m.4 views

EUVD-2026-39500

jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...

7.1CVSS5.8AI score0.00165EPSS
Exploits1References1
OSV
OSV
added 2026/06/25 5:17 p.m.3 views

ALPINE-CVE-2026-56123

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...

9.8CVSS6AI score0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 4:41 p.m.27 views

CVE-2026-55487 pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator...

7.5CVSS0.00118EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 4:41 p.m.15 views

CVE-2026-55487

CVE-2026-55487 affects pnpm. Prior to versions 10.34.2 and 11.5.3, the generic peer-suffix normalizer could strip parenthesized text from git, URL, tarball, file, and other opaque locators, allowing approval for one source string to authorize an attacker-controlled source whose locator normalizes...

8.8CVSS5.9AI score0.00118EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/25 9:34 a.m.9 views

Important: Red Hat Security Advisory: perl-IO-Compress security update

An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

7.3CVSS6.3AI score0.00292EPSS
Exploits2References2
NVD
NVD
added 2026/06/25 7:16 a.m.10 views

CVE-2026-12246

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes...

8.1CVSS0.00265EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52565

Name of the Vulnerable Software and Affected Versions OHIF affected versions not specified Description The DICOMWebProxy and DICOMJSON data sources, when used with default configurations, fetch an arbitrary URL parameter without proper validation. A global authentication service within the...

8.3CVSS6AI score0.00232EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52602

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description PKCS12 MAC verification uses a comparison length controlled by an attacker, which weakens the integrity check on the Message Authentication Code MAC and allows a...

6.5CVSS5.8AI score0.0016EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/24 9:26 p.m.19 views

CVE-2026-52794 Sentry: Inefficient Regular Expression Complexity in sentry

Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume...

7.5CVSS0.00267EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:17 p.m.4 views

CVE-2026-52802

Gogs is an open source self-hosted Git service. Prior to 0.14.3, an open redirect vulnerability exists in Gogs where attacker-controlled redirectto parameters can bypass validation, allowing redirection to arbitrary external sites. All redirects in Gogs that are validated via the IsSameSite...

5.4CVSS6AI score0.00554EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/24 7:27 p.m.5 views

Important: Red Hat Security Advisory: perl-IO-Compress security update

An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

7.3CVSS6.3AI score0.00292EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2026/06/24 7:27 p.m.8 views

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

7.3CVSS6.1AI score0.00292EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2026/06/24 6:54 p.m.4 views

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

7.3CVSS6.1AI score0.00292EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2026/06/24 6:54 p.m.6 views

Important: Red Hat Security Advisory: perl-IO-Compress security update

An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

7.3CVSS6.3AI score0.00292EPSS
Exploits2References2
NVD
NVD
added 2026/06/24 6:17 p.m.7 views

CVE-2026-48731

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable01 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expand...

7.8CVSS0.00496EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 6:17 p.m.16 views

CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. When parsing Markdown containing many consecutive characters, parselinktext repeatedly scans the input usin...

8.7CVSS0.0035EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 5:30 p.m.11 views

CVE-2026-48731

Warp, a developer environment, contains a Linux external editor launcher vulnerability. From 0.2024.02.20.08.01.stable_01 to 0.2026.05.06.15.42.stable_01, Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expanded command through a shell. A user w...

7.8CVSS5.9AI score0.00496EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 5:29 p.m.33 views

CVE-2026-48732 Warp: Remote SSH cwd can lead to unauthorized remote command execution

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

8.8CVSS0.01007EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/24 11:53 a.m.9 views

EUVD-2026-38738

Capgo before 12.128.2 contains a broken object level authorization BOLA vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based only on the attacker-controlled appid supplied in the request body and never verify that the jobI...

7.6CVSS6.1AI score0.00176EPSS
Exploits0References2
Rows per page
Query Builder