Lucene search
K

81 matches found

Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-11914 Composer - Critical - Unsupported - SA-CONTRIB-2026-046

vulnerability in Drupal Composer allows . This issue affects Composer versions:...

0.00217EPSS
Exploits0References1
OSV
OSV
added last week5 views

CVE-2026-59948 Composer: Arbitrary file write outside vendor via malicious transitive package name

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...

7CVSS6.1AI score0.00132EPSS
Exploits0References7
Debian CVE
Debian CVE
added last week7 views

CVE-2026-59946

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS5.9AI score0.00136EPSS
Exploits0
OSV
OSV
added last week3 views

CVE-2026-59946 Composer: Path traversal in package bin field lets dependencies chmod arbitrary host files

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS6.1AI score0.00136EPSS
Exploits0References7
NVD
NVD
added 2026/06/17 10:53 a.m.9 views

CVE-2026-46765

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Composer. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter...

9.9CVSS0.00402EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

Amazon Linux 2023 : composer (ALAS2023-2026-1800)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1800 advisory. Github Actions issued GITHUBTOKEN disclosure in GitHub Actions logs CVE-2026-45793 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that...

5.8AI score0.00079EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Composer

Composer is a dependency manager for PHP. Users who publish a composer.phar file to a publicly accessible web server where the file can be executed as a PHP file may be subject to a remote code execution vulnerability if PHP also has registerargcargv enabled in php.ini. Versions 2.6.4, 2.2.22, an...

8.8CVSS8.6AI score0.0139EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Composer

Composer is a dependency manager for PHP. The URLs for Mercurial repositories in the composer.json file at the root level, as well as the source download URLs, are not sanified correctly. Specifically crafted URL values allow code to be executed via the HgDriver if hg/Mercurial is installed on th...

8.8CVSS8.5AI score0.04849EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.8 views

Unity Linux 20.1070a Security Update: osbuild-composer (UTSA-2026-016490)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016490 advisory. Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is...

7.5CVSS7.2AI score0.00459EPSS
Exploits2References4
BDU FSTEC
BDU FSTEC
added 2026/04/20 12:0 a.m.2 views

The vulnerability of the syncCodeBase() function in the Composer dependency management tool allows a hacker to inject arbitrary commands.

The vulnerability of the syncCodeBase function in the Composer dependency management tool is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary commands through specially created source URLs or URLs...

10CVSS6.3AI score0.01688EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/04/18 8:36 a.m.8 views

BIT-COMPOSER-2026-40261 Composer has Command Injection via Malicious Perforce Reference

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

8.8CVSS6.1AI score0.01688EPSS
Exploits2References7
OSV
OSV
added 2026/04/18 8:36 a.m.6 views

BIT-COMPOSER-2026-40176 Composer is vulnerable to Command Injection via Malicious Perforce Repository

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

7.8CVSS6.2AI score0.01065EPSS
Exploits4References7
GithubExploit
GithubExploit
added 2026/04/16 4:0 a.m.129 views

Exploit for CVE-2026-40176

!CAUTION THIS REPOSITORY CONTAINS PROOF-OF-CONCEPT CODE FO...

8.8CVSS6AI score0.01688EPSS
Exploits4
NVD
NVD
added 2026/04/15 9:17 p.m.6 views

CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

7.8CVSS0.01065EPSS
Exploits4References6
Vulnrichment
Vulnrichment
added 2026/04/15 8:56 p.m.11 views

CVE-2026-40261 Composer has Command Injection via Malicious Perforce Reference

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

8.8CVSS6.2AI score0.01688EPSS
Exploits2References2
OSV
OSV
added 2026/04/15 8:56 p.m.1 views

CVE-2026-40261 Composer has Command Injection via Malicious Perforce Reference

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

8.8CVSS6.3AI score0.01688EPSS
Exploits2References8
Cvelist
Cvelist
added 2026/04/15 8:47 p.m.22 views

CVE-2026-40176 Composer is vulnerable to Command Injection via Malicious Perforce Repository

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

7.8CVSS0.01065EPSS
Exploits4References2
Vulnrichment
Vulnrichment
added 2026/04/15 8:47 p.m.4 views

CVE-2026-40176 Composer is vulnerable to Command Injection via Malicious Perforce Repository

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

7.8CVSS6.1AI score0.01065EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 8:47 p.m.4 views

CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

7.8CVSS6.1AI score0.01065EPSS
Exploits4References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/15 8:47 p.m.4 views

CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

7.8CVSS6.3AI score0.01065EPSS
Exploits4
Rows per page
Query Builder