CVE-2026-55697

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency ...

curl: Title: Remote Code Execution (RCE) via Arbitrary Library Loading in `--engine` option

Summary: The curl command-line tool is vulnerable to Arbitrary Code Execution on POSIX-like systems Linux, macOS, etc.. The --engine option allows loading an OpenSSL crypto engine from a shared library .so file. Crucially, this option accepts an absolute or relative path to the library file,...

USN-7639-1 apache2 vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to perform HTTP response splitting attacks. CVE-2024-42516 xiaojunjie discovered that the Apache HTTP Server modproxy module incorrectly handled...