Lucene search
+L

207 matches found

NVD
NVD
added 2026/06/30 9:16 p.m.7 views

CVE-2026-44628

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...

8.7CVSS0.00395EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 9:16 p.m.3 views

DEBIAN-CVE-2026-44628

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...

8.7CVSS6AI score0.00395EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:54 p.m.8 views

EUVD-2026-40412

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...

8.7CVSS5.8AI score0.00395EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 8:54 p.m.32 views

CVE-2026-44628

CVE-2026-44628 corresponds to an OFFIS DCMTK Toolkit Type Confusion issue. An unauthenticated attacker can crash the worklist server by sending a single crafted query when the server has a valid Called AE Title/storage directory, the expected lockfile, and at least one matching worklist record. T...

8.7CVSS5.8AI score0.00395EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/30 8:54 p.m.6 views

CVE-2026-44628

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...

8.7CVSS6AI score0.00395EPSS
Exploits0
OSV
OSV
added 2026/06/30 8:54 p.m.4 views

CVE-2026-44628 OFFIS DCMTK Toolkit Type Confusion

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...

8.7CVSS6AI score0.00395EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.19 views

PT-2026-53987

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated attacker can cause a crash of the worklist server by sending a single crafted query. This occurs when the server is configured with a valid...

8.7CVSS6AI score0.00395EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/27 12:13 a.m.20 views

Directory Traversal

Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to Directory Traversal via the configDependencies process. An attacker can create symlinks outside the intended directory by supplying crafted package names with traversal components in...

8.2CVSS6.5AI score0.00257EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/27 12:13 a.m.15 views

Directory Traversal

Overview @pnpm/installing.env-installer is an Installer for configurational dependencies Affected versions of this package are vulnerable to Directory Traversal via the configDependencies process. An attacker can create symlinks outside the intended directory by supplying crafted package names wi...

8.2CVSS6.5AI score0.00257EPSS
Exploits1References2
OSV
OSV
added 2026/06/27 12:13 a.m.14 views

GHSA-QRV3-253H-G69C pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config

Summary pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml whose env-lockfile document contains a...

8.2CVSS5.7AI score0.00257EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/27 12:2 a.m.9 views

External Control of File Name or Path

Overview @pnpm/installing.deps-installer is a Fast, disk space efficient installation engine Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/27 12:2 a.m.9 views

External Control of File Name or Path

Overview @pnpm/installing.deps-restorer is a Fast installation using only pnpm-lock.yaml Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended nodemodul...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/27 12:2 a.m.10 views

External Control of File Name or Path

Overview @pnpm/installing.deps-resolver is a Resolves dependency graph of a package Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended nodemodules...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/27 12:2 a.m.6 views

External Control of File Name or Path

Overview @pnpm/fs.symlink-dependency is a Symlink a dependency to nodemodules Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended nodemodules director...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/27 12:2 a.m.12 views

External Control of File Name or Path

Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended nodemodules directory by crafting a...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References3
OSV
OSV
added 2026/06/27 12:2 a.m.8 views

GHSA-FR4H-3CPH-29XV pnpm: Hoisted install imports lockfile alias outside node_modules

Summary The hoisted dependency alias issue tracked as GHSA-fr4h-3cph-29xv / CAND-PNPM-059 has been addressed in both pnpm and pacquet. A crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases suc...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/26 11:34 p.m.10 views

EUVD-2026-39484

pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes...

8.8CVSS5.8AI score0.00193EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/26 10:53 p.m.10 views

EUVD-2026-39490

pnpm: Git Fetch Argument Injection via Lockfile resolution.commit...

6.4CVSS5.8AI score0.0018EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/26 10:53 p.m.8 views

pnpm: Git Fetch Argument Injection via Lockfile resolution.commit

Summary pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected 40-character commit hash with a Git option such as...

7.3CVSS6AI score0.0018EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/26 10:53 p.m.11 views

EUVD-2026-39488

pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field...

6.8CVSS5.8AI score0.00126EPSS
Exploits1References2
Rows per page
Query Builder