Lucene search
+L

4 matches found

OSV
OSV
added 2026/01/26 9:53 p.m.16 views

CVE-2026-23890 pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

6.5CVSS5.9AI score0.00438EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/09/19 1:56 a.m.7 views

SUSE CVE-2023-36479

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...

3.5CVSS8AI score0.01006EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2023/09/15 6:37 p.m.37 views

CVE-2023-36479

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...

3.5CVSS6AI score0.01006EPSS
Exploits1
CNNVD
CNNVD
added 2021/08/16 12:0 a.m.7 views

Realtek Jungle SDK 缓冲区错误漏洞

The Realtek Jungle SDK provides an HTTP web server that exposes a management interface that can be used to configure access points. A security vulnerability exists in the Realtek Jungle SDK, which stems from the fact that Realtek Jungle SDK versions v2.x through v3.4.14B provide a "WiFi Simple...

7.8CVSS8.4AI score0.8315EPSS
Exploits1References4
Rows per page
Query Builder