CVE-2019-20610

An issue was discovered on Samsung mobile devices with N7.X and O8.X Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 April 2019...

CVE-2024-39654

Missing Authorization vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets.This issue affects Sign-up Sheets: from n/a through = 2.2.12...

CVE-2016-10408

QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory...

Protection Mechanism Failure

Overview Affected versions of this package are vulnerable to Protection Mechanism Failure during pnpm install. An attacker can execute arbitrary code by introducing a malicious git-hosted dependency that leverages prepare, prepublish, or prepack scripts during the fetch phase. Remediation Upgrade...

CVE-2025-69264 pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"

pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10 blocks postinstall scripts via the...

CVE-2025-69264

CVE-2025-69264 affects pnpm v10.x prior to 10.26.0. It describes a bypass where git-hosted dependencies can execute scripts during the FETCH phase of pnpm install, despite the v10 feature that disables dependency lifecycle scripts by default. Specifically, while postinstall scripts are blocked vi...

CVE-2025-69264 pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"

pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10 blocks postinstall scripts via the...

CVE-2025-69264 pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"

pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10 blocks postinstall scripts via the...

CVE-2025-69264

pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10 blocks postinstall scripts via the...

pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"

pnpm v10+ Git Dependency Script Execution Bypass Summary A security bypass vulnerability in pnpm v10+ allows git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10...

GHSA-379Q-355J-W6RJ pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"

pnpm v10+ Git Dependency Script Execution Bypass Summary A security bypass vulnerability in pnpm v10+ allows git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10...

CVE-2025-68437

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL saveAsset mutation is vulnerable to Server-Side Request Forgery SSRF. This vulnerability arises because the file input, specifically its url parameter,...

PT-2026-1941

Name of the Vulnerable Software and Affected Versions pnpm versions 10.0.0 through 10.25 Description pnpm is a package manager affected by an issue where git-hosted dependencies can execute arbitrary code during the pnpm install process. This bypasses the security feature introduced in version 10...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000420)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000420 advisory. The mptctlioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation...

Spinnaker vulnerable to SSRF due to improper restrictions on http from user input

Impact The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into Spinnaker pipelines via helm or other methods to extract things LIKE idmsv1 authentication data. This ALSO includes calling INTERNAL Spinnaker API's via a get and similar endpoints...

EUVD-2026-0845

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL saveAsset mutation is vulnerable to Server-Side Request Forgery SSRF. This vulnerability arises because the file input, specifically its url parameter,...

CVE-2025-61916 Spinnaker vulnerable to SSRF due to improper restrictions on http from user input

Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...

TFTP Fetch, Linux Execute Command

Fetch and execute an RISC-V 32-bit payload from a TFTP server. Execute an arbitrary command Module Options msf use payload/cmd/linux/tftp/riscv32le/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec ru...

HTTPS Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an RISC-V 64-bit payload from an HTTPS server. Connect back to attacker and spawn a command shell. Module Options msf use payload/cmd/linux/https/riscv64le/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...

TFTP Fetch, Linux Chmod

Fetch and execute an RISC-V 32-bit payload from a TFTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/tftp/riscv32le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...