Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/07/02 3:45 p.m.6 views

CVE-2026-55700

A flaw was found in pnpm, a package manager. A remote attacker could exploit a vulnerability in the pnpm stage download command by providing a specially crafted package manifest. This could allow the attacker to write files to arbitrary locations on the system, leading to unauthorized modificatio...

7.1CVSS6AI score0.00267EPSS
Exploits1References5
NVD
NVD
added 2026/06/25 6:16 p.m.6 views

CVE-2026-55700

pnpm is a package manager. From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields,...

7.1CVSS0.00267EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52525

Name of the Vulnerable Software and Affected Versions pnpm versions 11.3.0 through 11.5.2 Description The pnpm stage download command derives a local filename using package name and version fields controlled by the registry. A crafted manifest can lead to a path traversal, allowing an attacker to...

7.1CVSS5.8AI score0.00267EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/04/10 11:25 p.m.7 views

SUSE CVE-2026-39977

flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...

7.1CVSS5.9AI score0.00288EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.4 views

PT-2026-31705

Name of the Vulnerable Software and Affected Versions flatpak-builder versions 1.4.5 through 1.4.7 Description flatpak-builder, a tool for building flatpaks from source, contains a flaw where the 'license-files' manifest key can be exploited to read arbitrary files from the host system and includ...

7.1CVSS5.8AI score0.00288EPSS
Exploits1References10
NVD
NVD
added 2025/09/03 6:15 p.m.11 views

CVE-2025-56803

Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to childprocess.exec without validation, leading to...

8.4CVSS0.01058EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2024/10/23 12:0 a.m.5 views

PT-2024-9135 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.2 through 17.3.5 GitLab CE/EE versions 17.4 through 17.4.2 GitLab CE/EE versions 17.5 through 17.5.0 Description: A denial of service issue has been discovered in GitLab CE/EE. This issue can be exploited by importing...

8.7CVSS6.9AI score0.00531EPSS
Exploits2References16
Rows per page
Query Builder