Lucene search

3238 matches found

EUVD
added 2026/01/26 9:53 p.m., 4 views

EUVD-2026-4656

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of node_modules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

CVSS 6.5, AI score 5.9, EPSS 0.00438
Exploits: 1, References: 3
Vulnrichment
added 2026/01/26 9:50 p.m., 1 view

CVE-2026-23889 pnpm has Windows-specific tarball Path Traversal

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for ./ but not .. On Windows, backslashes are directory separators...

CVSS 6.5, AI score 5.9, EPSS 0.00433
Exploits: 1, References: 3
CVE
added 2026/01/26 9:50 p.m., 23 views

CVE-2026-23889

CVE-2026-23889 affects pnpm prior to 10.28.1, with a Windows-specific path traversal in tarball extraction caused by incomplete path normalization that doesn't account for backslashes. This can allow a malicious package to write files outside the package directory on Windows (e.g., overwriting .n...

CVSS 6.5, AI score 5.9, EPSS 0.00433
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2026/01/26 5:16 p.m., 2 views

CVE-2025-67274

An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, portfolio-item-service data retrieval module endpoints...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 3
NVD
added 2026/01/26 5:16 p.m., 7 views

CVE-2025-67274

An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, portfolio-item-service data retrieval module endpoints...

CVSS 7.5, EPSS 0.00361
Exploits: 0, References: 3
CVE
added 2026/01/26 12:00 a.m., 14 views

CVE-2025-67274

CVE-2025-67274 affects continuous.software aangine v.2025.2. An issue in the excel-integration-service template download module, the integration-persistence-service job listing module, and the portfolio-item-service data retrieval module endpoints allows a remote attacker to obtain sensitive info...

CVSS 7.5, AI score 5.9, EPSS 0.00361
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2026/01/26 12:00 a.m., 4 views

PT-2026-4773

Name of the Vulnerable Software and Affected Versions: aangine version 2025.2. Description: An issue allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, and portfolio-item-service dat...

CVSS 7.5, AI score 5.9, EPSS 0.00361
Exploits: 0, References: 6
CNNVD
added 2026/01/26 12:00 a.m., 5 views

Continuous Aangine security vulnerabilities

Continuous aangine is a data integration and analysis tool developed by the Irish company Continuous. Version 2025.2 of Continuous aangine contains a security vulnerability. This vulnerability stems from the possibility of sensitive information being leaked through endpoints of multiple modules,...

CVSS 7.5, AI score 5.8, EPSS 0.00361
Exploits: 0, References: 4
Vulnrichment
added 2026/01/26 12:00 a.m., 3 views

CVE-2025-67274

An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, portfolio-item-service data retrieval module endpoints...

AI score 5.9, EPSS 0.00361
Exploits: 0, References: 3
Packet Storm News
added 2026/01/24 12:00 a.m., 7 views

PatchIsland: Orchestration of LLM Agents for Continuous Vulnerability Repair

Continuous fuzzing platforms such as OSS-Fuzz uncover large numbers of vulnerabilities, yet the subsequent repair process remains largely manual. Unfortunately, existing Automated Vulnerability Repair (AVR) techniques -- including recent LLM-based systems -- are not directly applicable to continuou...

AI score 5.7
Exploits: 0
Veracode
added 2026/01/22 8:25 a.m., 4 views

Command Injection

Wrangler is vulnerable to Command Injection. The vulnerability is due to unsanitized interpolation of the --commit-hash parameter into a shell command, where attacker-controlled input is passed directly to execSync, allowing arbitrary command execution in environments such as CI/CD pipelines that...

CVSS 9.9, AI score 6.1, EPSS 0.01393
Exploits: 0, References: 4, Affected Software: 1
RedhatCVE
added 2026/01/22 12:20 a.m., 10 views

CVE-2026-0933

Summary: A command injection vulnerability (CWE-78) has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...

CVSS 9.9, AI score 6.1, EPSS 0.01393
Exploits: 0, References: 1
Github Security Blog
added 2026/01/21 11:00 p.m., 10 views

Wrangler affected by OS Command Injection in `wrangler pages deploy`

Summary: A command injection vulnerability (CWE-78) has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash t...

CVSS 9.9, AI score 6.1, EPSS 0.01393
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2026/01/21 11:00 p.m., 3 views

GHSA-36P8-MVP6-CV38 Wrangler affected by OS Command Injection in `wrangler pages deploy`

Summary: A command injection vulnerability (CWE-78) has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash t...

CVSS 7.7, AI score 6, EPSS 0.01393
Exploits: 0, References: 6
Qualys Blog
added 2026/01/21 7:22 p.m., 10 views

Qualys Named a Leader and Outperformer in the 2025 GigaOm Radar for CNAPP

We're proud to share that Qualys has been recognized as a Leader and Outperformer in the 2025 GigaOm Radar Report for Cloud-Native Application Protection Platforms (CNAPP). This year's evaluation underscores an important reality of the CNAPP market: while 18 vendors were evaluated, only a small...

AI score 5.5
Exploits: 0
The Hacker News
added 2026/01/21 10:30 a.m., 7 views

Exposure Assessment Platforms Signal a Shift in Focus

Gartner® doesn't create new categories lightly. Generally speaking, a new acronym only emerges when the industry's collective "to-do list" has become mathematically impossible to complete. And so it seems that the introduction of the Exposure Assessment Platforms (EAP) category is a formal admissio...

AI score 6.3
Exploits: 0
EUVD
added 2026/01/21 12:31 a.m., 18 views

EUVD-2026-3519

Summary: A command injection vulnerability (CWE-78) has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...

CVSS 7.7, AI score 6.1, EPSS 0.01393
Exploits: 0, References: 2
OSV
added 2026/01/21 12:31 a.m., 5 views

GHSA-8H3Q-9FPP-C883 Duplicate Advisory: Wrangler affected by OS Command Injection in `wrangler pages deploy`

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-36p8-mvp6-cv38. This link is maintained to preserve external references. Original Description: Summary: A command injection vulnerability (CWE-78) has been found to exist in the wrangler pages deploy command. The iss...

CVSS 7.7, AI score 6.2, EPSS 0.01393
Exploits: 0, References: 2
Snyk
added 2026/01/20 11:45 p.m., 6 views

Improper Input Validation

Overview: wrangler is a command-line interface for all things Cloudflare Workers. Affected versions of this package are vulnerable to Improper Input Validation via the wrangler pages deploy command when the --commit-hash parameter is passed directly to a shell command without proper validation or...

CVSS 9.9, AI score 6, EPSS 0.01393
Exploits: 0, References: 2
NVD
added 2026/01/20 11:16 p.m., 17 views

CVE-2026-0933

Summary: A command injection vulnerability (CWE-78) has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...

CVSS 9.9, EPSS 0.01393
Exploits: 0, References: 1