7 matches found
EUVD-2026-4656
pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of node_modules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...
EUVD-2023-3042
Malicious code in bioql PyPI...
CVE-2023-46132
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...
BIT-HYPERLEDGER-FABRIC-ORDERER-2023-46132 Crosslinking transaction attack in hyperledger/fabric
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from US-based GitLab with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery and other features. GitLab has a security vulnerability that stems from users being able to link...
Link to Windows Service Authorization Issue Vulnerability
Link to Windows Service is used to link to a Windows service. A security vulnerability exists in Link to Windows Service versions prior to 2.3.04.1, which stems from incorrect authentication before linking to a Windows service...
Jenkins Pipeline Link Following Vulnerability
Jenkins Pipeline is a set of plugins that support the implementation and integration of continuous delivery pipelines into Jenkins. The Jenkins Pipeline Groovy Plugin suffers from a back-linking vulnerability that stems from the fact that Jenkins Pipeline Groovy Plugin 2648.va9433432b33c and...