7 matches found
CVE-2026-55700
A flaw was found in pnpm, a package manager. A remote attacker could exploit a vulnerability in the pnpm stage download command by providing a specially crafted package manifest. This could allow the attacker to write files to arbitrary locations on the system, leading to unauthorized modificatio...
CVE-2026-55700
pnpm is a package manager. From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields,...
PT-2026-52525
Name of the Vulnerable Software and Affected Versions pnpm versions 11.3.0 through 11.5.2 Description The pnpm stage download command derives a local filename using package name and version fields controlled by the registry. A crafted manifest can lead to a path traversal, allowing an attacker to...
SUSE CVE-2026-39977
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...
PT-2026-31705
Name of the Vulnerable Software and Affected Versions flatpak-builder versions 1.4.5 through 1.4.7 Description flatpak-builder, a tool for building flatpaks from source, contains a flaw where the 'license-files' manifest key can be exploited to read arbitrary files from the host system and includ...
CVE-2025-56803
Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to childprocess.exec without validation, leading to...
PT-2024-9135 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.2 through 17.3.5 GitLab CE/EE versions 17.4 through 17.4.2 GitLab CE/EE versions 17.5 through 17.5.0 Description: A denial of service issue has been discovered in GitLab CE/EE. This issue can be exploited by importing...