Lucene search
+L

8 matches found

github
github
added 2026/06/26 10:52 p.m.6 views

pnpm: Unsafe default behavior breaks integrity check

While it is unclear whether this should be classified as a vulnerability, it is being reported through this channel because the current behavior may represent an unsafe default. Summary pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarba...

8.1CVSS5.7AI score0.00113EPSS
Exploits1References3Affected Software1
euvd
euvd
added 2026/06/26 10:52 p.m.8 views

EUVD-2026-39489

pnpm: Unsafe default behavior breaks integrity check...

6.8CVSS5.8AI score0.00113EPSS
Exploits1References2
nvd
nvd
added 2026/06/25 6:16 p.m.10 views

CVE-2026-50573

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarball does not match the integrity recorded in pnpm-lock.yaml. When a package is already locked with an integrity value, and the...

8.1CVSS0.00113EPSS
Exploits1References1
cvelist
cvelist
added 2026/06/25 4:50 p.m.32 views

CVE-2026-50573 pnpm: Unsafe default behavior breaks integrity check

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarball does not match the integrity recorded in pnpm-lock.yaml. When a package is already locked with an integrity value, and the...

6.8CVSS0.00113EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/06/25 4:50 p.m.6 views

CVE-2026-50573

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarball does not match the integrity recorded in pnpm-lock.yaml. When a package is already locked with an integrity value, and the...

6.8CVSS5.9AI score0.00113EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.20 views

PT-2026-52518

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description When running pnpm install in non-frozen mode, the package manager may accept new remote package content even after detecting that the downloaded tarball does not match th...

6.8CVSS5.8AI score0.00113EPSS
Exploits1References6
attackerkb
attackerkb
added 2026/03/18 1:34 a.m.3 views

CVE-2026-22168

OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments throug...

7.1CVSS6.2AI score0.00406EPSS
Exploits0References4
cve
cve
added 2026/03/18 1:34 a.m.15 views

CVE-2026-22168

OpenClaw vulnerability CVE-2026-22168 affects versions prior to 2026.2.21. It describes an approval-integrity mismatch in system.run that lets authenticated operators pass arbitrary trailing arguments after cmd.exe /c, leading to local command execution on trusted Windows nodes with mismatched au...

8.8CVSS6.2AI score0.00406EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder