CVE-2026-24131

pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory,...

CVE-2026-24131 pnpm has Path Traversal via arbitrary file permission modification

pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory,...

CVE-2026-24131

pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory,...

CVE-2026-24131

pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory,...

CVE-2026-24131

CVE-2026-24131 concerns pnpm, a package manager. Before version 10.28.2, processing a package’s directories.bin field could join a path without ensuring it stayed under the package root, enabling a crafted package to escape the package and chmod files at arbitrary locations on Unix-like systems. ...

EUVD-2007-5466

Malware in sbrugna...

CVE-2007-5491

Directory traversal vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter...