14331 matches found
CVE-2026-55697
pnpm is vulnerable prior to 10.34.2 and 11.5.3: repository‑controlled configDependencies in pnpm-workspace.yaml could cause pnpm to install a repository‑controlled install‑engine (pacquet) by resolving a platform‑specific @pacquet/-/pacquet binary from node_modules/.pnpm-config and spawning it as...
MGASA-2026-0232 Updated nats-server packages fix security vulnerabilities
nats-server and its dependencies are updated to fix CVE-2025-30215 Missing access controls for JS API in multi-tenancy...
PT-2026-52522
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.2 pnpm versions prior to 11.5.3 Description pnpm allows the installation of configDependencies declared in pnpm-workspace.yaml before command dispatch. A repository can declare pacquet or @pnpm/pacquet as a config...
UBUNTU-CVE-2026-10536
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...
SUSE-SU-2026:2612-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues Security issues: - CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. - CVE-2026-39827: Update golang.org/x/crypto dependency bsc1266171. - CVE-2026-39828: Update golang.org/x/crypto dependency bsc1266171. -...
SUSE-SU-2026:22328-1 Security update for google-cloud-sap-agent
This update for google-cloud-sap-agent fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265764. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for...
OPENSUSE-SU-2026:21010-1 Security update for google-cloud-sap-agent
This update for google-cloud-sap-agent fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265764. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for...
Malicious code in requests-enhancer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd On import requestsenhancer, the package's init.py spawns a daemon thread that runs pip install...
MAL-2026-6247 Malicious code in requests-enhancer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd On import requestsenhancer, the package's init.py spawns a daemon thread that runs pip install...
Malicious code in d0rk3r (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cbc673402f814b065eadc8be2641d761d482c30722fdd8e6b1b7522fde2f478 d0rk3r 1.0.5 is advertised as a Shodan IP scraper with proxy rotation, but the sdist ships no Python source — only LICENSE, README, pyproject.toml,...
MAL-2026-6246 Malicious code in d0rk3r (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cbc673402f814b065eadc8be2641d761d482c30722fdd8e6b1b7522fde2f478 d0rk3r 1.0.5 is advertised as a Shodan IP scraper with proxy rotation, but the sdist ships no Python source — only LICENSE, README, pyproject.toml,...
SUSE SLES16 Security Update : google-guest-agent (SUSE-SU-2026:22128-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22128-1 advisory. Changes in google-guest-agent: Update to version 20260430.00 Update OWNERS 609 Update THIRDPARTYLICENSES to be package specific...
CVE-2026-53858
OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATEDIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATEDIRECTORY variable to load runtime dependencies from unintended local paths, potentially...
CVE-2026-53858 OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment Variable
OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATEDIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATEDIRECTORY variable to load runtime dependencies from unintended local paths, potentially...
CVE-2026-53858
OpenClaw (pre-2026.5.2) is affected by CVE-2026-53858: an environment variable injection flaw where the workspace .env STATE_DIRECTORY can influence bundled runtime dependency roots. An attacker can manipulate STATE_DIRECTORY to load runtime dependencies from unintended local paths, potentially e...
OPENSUSE-SU-2026:20969-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: Changes in google-guest-agent: Update to version 20260430.00 Update OWNERS 609 Update THIRDPARTYLICENSES to be package specific location. 608 Update dependencies and go version to 1.26.2 607 bsc1265762, CVE-2026-33814 Bump...
SUSE-SU-2026:22128-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: Changes in google-guest-agent: Update to version 20260430.00 Update OWNERS 609 Update THIRDPARTYLICENSES to be package specific location. 608 Update dependencies and go version to 1.26.2 607 bsc1265762, CVE-2026-33814 Bump...
Security update for neonmodem (important)
openSUSE security update: security update for neonmodem ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20963-1 Rating: important References: bsc1260727 bsc1267193 Cross-References: CVE-2026-25680 CVE-2026-25681 CVE-2026-27136 CVE-2026-33809...
[SECURITY] Fedora 43 Update: composer-2.10.1-1.fc43
Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...
exploitGuard
Run and deploy your AI Studio app This contains everything yo...