Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

12 matches found

RedhatCVE
RedhatCVEadded 2025/11/08 7:41 a.m.3 views

CVE-2025-64343

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8CVSS6.4AI score0.00014EPSS
Exploits0References1
NVD
NVDadded 2025/11/07 6:15 a.m.4 views

CVE-2025-64343

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8CVSS0.00014EPSS
Exploits0References3
OSV
OSVadded 2025/11/07 5:20 a.m.4 views

CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8CVSS6.4AI score0.00014EPSS
Exploits0References5
CVE
CVEadded 2025/11/07 5:20 a.m.7 views

CVE-2025-64343

CVE-2025-64343 affects the conda Constructor tool. In versions 3.12.2 and earlier, the installation directory inherits permissions from its parent, and outside restricted directories those permissions can permit write access by authenticated users. Any logged-in user could modify during installat...

7.8CVSS6AI score0.00014EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2025/11/07 5:20 a.m.6 views

CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8CVSS6AI score0.00014EPSS
Exploits0References3
CNNVD
CNNVDadded 2025/11/07 12:0 a.m.6 views

Conda Constructor 安全漏洞

Conda Constructor is a Conda open source tool for creating installers from conda packages. A security vulnerability exists in Conda Constructor 3.12.2 and earlier versions, which stems from the installation directory inheriting parent directory permissions, which could lead to modification...

7.8CVSS6.2AI score0.00014EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2025/11/07 12:0 a.m.3 views

PT-2025-45411

Name of the Vulnerable Software and Affected Versions conda Constructor versions 3.12.2 and below Description conda Constructor is a tool used to create installers for conda package collections. Versions 3.12.2 and earlier have a configuration where the installation directory receives permissions...

7.8CVSS6.3AI score0.00014EPSS
Exploits0References10
CVE
CVEadded 2025/06/17 2:21 a.m.15 views

CVE-2025-49823

Conda Constructor prior to 3.11.3 is affected. The vulnerability arises in shell installer scripts that process the installation prefix (user_prefix) using an eval statement, causing unsanitized user input to be executed as shell code. This can allow command injection via a malicious installation...

4.2AI score0.00076EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/06/17 2:21 a.m.12 views

CVE-2025-49823 Conda Constructor Command Injection via Unsanitized User Input (Low)

conda Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix userprefix using an eval statement, which executes unsanitized user input as shell code. Although the script runs...

0.00076EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/06/17 2:21 a.m.1 views

CVE-2025-49823 Conda Constructor Command Injection via Unsanitized User Input (Low)

conda Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix userprefix using an eval statement, which executes unsanitized user input as shell code. Although the script runs...

4.2AI score0.00076EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/06/17 12:0 a.m.1 views

PT-2025-25610 · Unknown · Conda Constructor

Name of the Vulnerable Software and Affected Versions: Conda Constructor versions prior to 3.11.3 Description: The issue concerns the Conda Constructor, a tool for creating installers for conda packages. Prior to version 3.11.3, the shell installer scripts process the installation prefix using an...

6.7AI score0.00076EPSS
Exploits0References7
CNNVD
CNNVDadded 2025/06/17 12:0 a.m.1 views

Conda Constructor 命令注入漏洞

Conda Constructor is a Conda open source tool for creating installers from conda packages. A command injection vulnerability exists in versions of Conda Constructor prior to 3.11.3, which stems from the execution of uncleared user input when the eval statement handles the installer prefix, and...

7.5AI score0.00076EPSS
Exploits0References4
Rows per page
Query Builder