14331 matches found
Vite Dev Server - Path Traversal in Optimized Deps .map Handling
Vite development server versions prior to 8.0.5, 7.3.2, and 6.4.2 are vulnerable to path traversal through the optimized dependencies sourcemap handler. The dev server's handling of .map requests for optimized dependencies resolves file paths via normalizePathpath.resolveroot, url.slice1 and call...
CVE-2026-15526
A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scanprojectdeps. Executing a manipulation of the argument packageJsonPath can lead to path traversal. The attack can only be...
CVE-2026-15526
A vulnerability in augmnt augments-mcp-server 7.1.0 affects the function scanProjectDeps (src/tools/v4/scan-project-deps.ts) of the scan_project_deps component. The issue arises from manipulating the argument packageJsonPath, enabling path traversal. The attack is local, and a proof-of-concept/ex...
[SECURITY] Fedora 44 Update: composer-2.10.2-1.fc44
Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...
[SECURITY] Fedora 43 Update: perl-HTML-Gumbo-0.19-1.fc43
Gumbo is an implementation of the HTML5 parsing algorithm implemented as a pure C99 library with no outside dependencies...
[SECURITY] Fedora 43 Update: composer-2.10.2-1.fc43
Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/[email protected] , came embedded wi...
CVE-2026-61441
PraisonAI Platform praisonai-platform before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a...
CVE-2026-61441 PraisonAI Platform before 0.1.9 Authorization Bypass via Dependencies
PraisonAI Platform praisonai-platform before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a...
CVE-2026-61441
PraisonAI Platform before version 0.1.9 suffers an authorization bypass in the DELETE dependency endpoint: the route validates permissions against the caller-selected URL issue but allows deletion via a member-owned issue endpoint if the dependency edge is related to a member, bypassing owner/adm...
Malicious code in polymarket-apis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd77c8861490c0b5607b4029f8f9e51f12efb83a6696fc51b953b0a3cde1356b The package impersonates the Polymarket brand name polymarket-apis, author polymarket but contains no Polymarket API integration. Its exported...
CVE-2026-15033
A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this vulnerability is the function shelljs.exec of the file dist/packageUtils.js of the component peerDependencies. This manipulation causes os command injection. The attack may be initiated remotely. The...
CVE-2026-15033 christopherthielen check-peer-dependencies peerDependencies packageUtils.js shelljs.exec os command injection
A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this vulnerability is the function shelljs.exec of the file dist/packageUtils.js of the component peerDependencies. This manipulation causes os command injection. The attack may be initiated remotely. The...
EUVD-2026-42234
A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this vulnerability is the function shelljs.exec of the file dist/packageUtils.js of the component peerDependencies. This manipulation causes os command injection. The attack may be initiated remotely. The...
CVE-2026-15033
Technical details (affected product/version, root cause, exploit details, or remediation) are not publicly provided in the supplied documents; monitor for updates.
CVE-2026-48891
A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...
CVE-2026-48891
A vulnerability in Apache Airflow affects the UI at /ui/dependencies where the scheduling graph endpoint applies the caller’s readable-Dag filter to the top-level Dag key but still exposes Dag IDs in dep.source and dep.target for trigger/sensor entries. An authenticated UI user with read access t...
CVE-2026-48891 Apache Airflow: /ui/dependencies scheduling graph leaks unreadable Dag identifiers via trigger/sensor dep.source/dep.target
A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...
CVE-2026-48891 Apache Airflow: /ui/dependencies scheduling graph leaks unreadable Dag identifiers via trigger/sensor dep.source/dep.target
A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...
CVE-2026-48891
A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...