Lucene search
K

165 matches found

RedhatCVE
RedhatCVE
added 2026/07/08 6:40 a.m.10 views

CVE-2026-59195

A flaw was found in pnpm, a package manager. A remote attacker could exploit a path traversal vulnerability by crafting a malicious pnpm-lock.yaml file. When a user installs dependencies from such a repository, pnpm incorrectly processes package names from the configDependencies section, leading ...

8.2CVSS6AI score0.00257EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/07/06 1:58 p.m.6 views

CVE-2026-55698

A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to achieve arbitrary code execution by committing a specially crafted package-manager lockfile pnpm-lock.yaml to a repository. When pnpm is executed, it trusts an already resolved packageManagerDependencies...

8.8CVSS6.6AI score0.00193EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/19 9:3 p.m.56 views

CVE-2026-34234 CtrlPanel: Unauthenticated RCE using installer script

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...

10CVSS0.00821EPSS
Exploits2References2
SUSE CVE
SUSE CVE
added 2026/04/23 1:25 a.m.7 views

SUSE CVE-2026-31477

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL deref in smb2lock smb2lock has three error handling issues after listdel detaches smblock from locklist at nocheckcl: 1 If vfslockfile returns an unexpected error in the non-UNLOCK path, goto out...

7.5CVSS5.6AI score0.00479EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/22 1:54 p.m.30 views

CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL deref in smb2lock smb2lock has three error handling issues after listdel detaches smblock from locklist at nocheckcl: 1 If vfslockfile returns an unexpected error in the non-UNLOCK path, goto out...

7.5CVSS0.00479EPSS
Exploits0References6
CVE
CVE
added 2026/04/22 1:54 p.m.17 views

CVE-2026-31477

In CVE-2026-31477, the Linux kernel ksmbd component smb2_lock() had three error-handling issues after detaching smb_lock from lock_list: (1) non-UNLOCK path leaks smb_lock and its flock when vfs_lock_file() returns an unexpected error, (2) UNLOCK path leaks on -ENOENT with stale error code, and (...

7.5CVSS5.6AI score0.00479EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/22 1:54 p.m.1 views

CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL deref in smb2lock smb2lock has three error handling issues after listdel detaches smblock from locklist at nocheckcl: 1 If vfslockfile returns an unexpected error in the non-UNLOCK path, goto out...

7.5CVSS5.8AI score0.00479EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/04/16 1:34 a.m.16 views

Renovate affected by remote code execution was possible using the bazel-module or bazelisk managers, when using lockFileMaintenance

When using lockFileMaintenance using the bazel-module or bazelisk managers between Renovate 43.65.0 2026-03-12 and 43.102.11 2026-04-02, there was the opportunity for remote code execution from a malicious dependency, if the Bazel module executes code that relies on a dependency. As this is an...

6.4AI score
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/23 1:59 p.m.7 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation

Summary A security vulnerability in Python affects IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelo...

6.5CVSS7.4AI score0.00184EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.5 views

EulerOS 2.0 SP13 : python-virtualenv (EulerOS-SA-2026-1260)

According to the versions of the python-virtualenv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use...

4.5CVSS5.8AI score0.00085EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/21 10:57 p.m.7 views

CVE-2026-22702

A flaw was found in virtualenv, a tool for creating isolated virtual Python environments. A local attacker can exploit a Time-of-Check-Time-of-Use TOCTOU race condition during directory creation operations. By performing symlink-based attacks, the attacker can redirect virtualenv's application da...

4.5CVSS5.6AI score0.00085EPSS
Exploits0References6
OSV
OSV
added 2026/01/13 6:45 p.m.4 views

GHSA-597G-3PHW-6986 virtualenv Has TOCTOU Vulnerabilities in Directory Creation

Impact TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's appdat...

4.5CVSS6.4AI score0.00085EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/13 6:44 p.m.6 views

EUVD-2026-1870

filelock Time-of-Check-Time-of-Use TOCTOU Symlink Vulnerability in SoftFileLock...

5.3CVSS6AI score0.00115EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/13 6:44 p.m.11 views

filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock

Vulnerability Summary Title: Time-of-Check-Time-of-Use TOCTOU Symlink Vulnerability in SoftFileLock Affected Component: filelock package - SoftFileLock class File: src/filelock/soft.py lines 17-27 CWE: CWE-362, CWE-367, CWE-59 --- Description A TOCTOU race condition vulnerability exists in the...

5.3CVSS6.8AI score0.00115EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/01/13 8:53 a.m.4 views

BIT-VIRTUALENV-2026-22702 virtualenv Has TOCTOU Vulnerabilities in Directory Creation

virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...

4.5CVSS6.4AI score0.00085EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/01/13 12:24 a.m.6 views

SUSE CVE-2026-22702

virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...

4.5CVSS6.5AI score0.00085EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.6 views

Fedora 43 : composer (2026-0b03072979)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0b03072979 advisory. Version 2.9.3 - 2025-12-30 Security: Fixed ANSI sequence injection GHSA-59pp-r3rg-353g / CVE-2025-67746 Fixed COMPOSERNOSECURITYBLOCKING env var not being...

5.3CVSS6AI score0.00405EPSS
Exploits0References2
OSV
OSV
added 2026/01/10 7:16 a.m.7 views

UBUNTU-CVE-2026-22702

virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...

4.5CVSS5.7AI score0.00085EPSS
Exploits0References5
OSV
OSV
added 2026/01/10 6:15 a.m.6 views

AZL-79235 CVE-2026-22701 affecting package python-filelock 3.0.12-13

filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition betwee...

5.3CVSS5.7AI score0.00115EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/10 6:5 a.m.29 views

CVE-2026-22702 virtualenv Has TOCTOU Vulnerabilities in Directory Creation

virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...

4.5CVSS0.00085EPSS
Exploits0References3
Rows per page
Query Builder