Lucene search
+L

2510 matches found

ptsecurity
ptsecurity
added 2 days ago14 views

PT-2026-60303

Name of the Vulnerable Software and Affected Versions Tenda AC10 v3 version V03.03.16.09 Description A buffer overflow allows attackers to cause a permanent Denial of Service DoS or potentially execute remote code. This issue occurs via the '/cgi-bin/UploadCfg' endpoint. There have been reports o...

9.8CVSS6.3AI score0.00171EPSS
Exploits0References4
ossf
ossf
added last week11 views

Malicious code in type-plint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37979cc60cff25e26406f3426f0dd7aeac12c13e55402c89f78228080cac0ad9 The package advertises itself as a pino-style logger but its exported middleware spawns lib/caller.js as a detached Node child process. lib/caller.js...

6.3AI score
Exploits0References2
nessus
nessus
added 2026/07/09 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside...

6.1CVSS6.1AI score0.00136EPSS
Exploits0References3
ossf
ossf
added 2026/07/08 8:37 p.m.10 views

Malicious code in @vite-js/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 476576198de86a58304788ac79ac3c8ca21b5029d9e824e3ffab41f539146c3b Package @vite-js/ui impersonates the official vite package: package.json declares author 'Evan You', homepage 'https://vitejs.dev', ships an unmodifi...

6.3AI score
Exploits0References2
osv
osv
added 2026/07/08 8:37 p.m.2 views

MAL-2026-7021 Malicious code in @vite-js/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 476576198de86a58304788ac79ac3c8ca21b5029d9e824e3ffab41f539146c3b Package @vite-js/ui impersonates the official vite package: package.json declares author 'Evan You', homepage 'https://vitejs.dev', ships an unmodifi...

6.3AI score
Exploits0References2
osv
osv
added 2026/07/08 8:16 p.m.3 views

DEBIAN-CVE-2026-59946

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS6.1AI score0.00136EPSS
Exploits0References1
nvd
nvd
added 2026/07/08 8:16 p.m.7 views

CVE-2026-59946

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS0.00136EPSS
Exploits0References5
debiancve
debiancve
added 2026/07/08 7:32 p.m.7 views

CVE-2026-59946

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS5.9AI score0.00136EPSS
Exploits0
osv
osv
added 2026/07/08 7:32 p.m.4 views

CVE-2026-59946 Composer: Path traversal in package bin field lets dependencies chmod arbitrary host files

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS6.1AI score0.00136EPSS
Exploits0References7
cvelist
cvelist
added 2026/07/08 7:32 p.m.34 views

CVE-2026-59946 Composer: Path traversal in package bin field lets dependencies chmod arbitrary host files

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS0.00136EPSS
Exploits0References5
cve
cve
added 2026/07/08 7:32 p.m.10 views

CVE-2026-59946

CVE-2026-59946 affects Composer (PHP dependency manager). A bin entry containing trailing .. path segments could resolve outside the package install directory, enabling the binary installation flow to chmod an existing host file to world-readable/world-executable during composer install, update, ...

6.1CVSS5.9AI score0.00136EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.10 views

PT-2026-56549

Name of the Vulnerable Software and Affected Versions Composer versions prior to 2.2.29 Composer versions prior to 2.10.2 Description A flaw in the binary installation flow allows a package bin entry containing .. path segments to resolve outside the package installation directory. This can lead ...

6.1CVSS6.2AI score0.00136EPSS
Exploits0References11
redhatcve
redhatcve
added 2026/07/06 2:23 p.m.7 views

CVE-2026-55699

A flaw was found in pnpm, a package manager. When a malicious package with specially crafted manifest bin object keys such as "." or ".." is installed globally, subsequent package management operations like removal, update, or replacement could lead to the deletion of critical directories. This...

6.5CVSS5.9AI score0.00286EPSS
Exploits1References4
nvd
nvd
added 2026/07/06 2:16 a.m.9 views

CVE-2026-14788

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function rcorebinload of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and...

7.8CVSS0.00135EPSS
Exploits1References7
osv
osv
added 2026/07/06 1:45 a.m.6 views

CVE-2026-14788 radareorg radare2 cfile.c r_core_bin_load use after free

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function rcorebinload of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and...

4.8CVSS5.1AI score0.00135EPSS
Exploits1References9
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.13 views

PT-2026-55850

Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description A use after free issue exists in the r core bin load function within the libr/core/cfile.c file. This flaw allows a local attacker to trigger the condition through specific manipulation. Us...

7.8CVSS6.2AI score0.00135EPSS
Exploits1References12
attackerkb
attackerkb
added 2026/07/05 3:15 p.m.8 views

CVE-2026-14759

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...

4.8CVSS6.1AI score0.00153EPSS
Exploits1References7Affected Software1
nuclei
nuclei
added 2026/07/03 1:39 p.m.76 views

ZeroShell <= 1.0beta11 Remote Code Execution

ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action. id: CVE-2009-0545 info: name: ZeroShell = 1.0beta11 Remote Code Execution author: geeknik severity: critica...

10CVSS6.2AI score0.90732EPSS
Exploits2References5
osv
osv
added 2026/07/02 4:5 p.m.10 views

GHSA-MHQ8-78PJ-5J79 OpenClaw's POSIX node system.run safe-bin allowlist could be widened by shell expansion

Summary On POSIX nodes, OpenClaw's system.run safe-bin checks could approve a command before shell expansion changed how the command was interpreted. A value that appeared to be a safe-bin argument could expand into additional shell words and become a file operand. This issue is limited to paired...

7.1CVSS6.1AI score0.00191EPSS
Exploits0References2
nvd
nvd
added 2026/06/29 6:16 a.m.9 views

CVE-2026-13538

A vulnerability was determined in Wavlink WL-NU516U1-A M16U1V240425. The affected element is the function sub401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...

6.5CVSS0.01306EPSS
Exploits0References10
Rows per page
Query Builder