9 matches found

Cvelist
added 2026/06/25 4:47 p.m., 29 views

CVE-2026-55700 pnpm: stage download writes outside destination via manifest version traversal

pnpm is a package manager. From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields,...

CVSS 7.1, EPSS 0.00267
Exploits: 1, References: 2
Github Security Blog
added 2026/04/06 11:09 p.m., 9 views

PraisonAI recipe registry publish path traversal allows out-of-root file write

Summary PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's internal manifest.json before it verifies that the manifest name and version match the HTTP route. A malicious publisher can place ../ traversal sequences in the bund...

CVSS 7.1, AI score 6.1, EPSS 0.00334
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/04/06 11:09 p.m., 14 views

GHSA-R9X3-WX45-2V7F PraisonAI recipe registry publish path traversal allows out-of-root file write

Summary PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's internal manifest.json before it verifies that the manifest name and version match the HTTP route. A malicious publisher can place ../ traversal sequences in the bund...

CVSS 7.1, AI score 6.1, EPSS 0.00334
Exploits: 1, References: 4
Positive Technologies
added 2026/04/06 12:00 a.m., 3 views

PT-2026-30767

Summary PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's internal manifest.json before it verifies that the manifest name and version match the HTTP route. A malicious publisher can place ../ traversal sequences in the bund...

CVSS 7.1, AI score 6.1, EPSS 0.00334
Exploits: 1, References: 6
Malwarebytes
added 2026/02/02 6:11 p.m., 6 views

How Manifest v3 forced us to rethink Browser Guard, and why that’s a good thing

As a Browser Guard user, you might not have noticed much difference lately. Browser Guard still blocks scams and phishing attempts just like always, and, in many cases, even better. But behind the scenes, almost everything changed. The rules that govern how browser extensions work went through a...

AI score 5.6
Exploits: 0
OSSF Malicious Packages
added 2025/11/11 3:19 p.m., 2 views

Malicious code in joko-tempe41-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 665bede8a24852c4de185354a8772dc6c7bc660bf2d8dcc17011e7fe925fc121 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0
Qualys Blog
added 2025/10/09 3:00 p.m., 9 views

Ensuring Safe and Reliable Updates with Qualys TruRisk™ Manifest Version Control

The Fragility of “One Bad Update” In cybersecurity, speed is non-negotiable. New vulnerabilities surface daily, and enterprises expect coverage the moment exploits are in the wild. For years, the mantra was simple: push signatures fast, and you reduce risk. Faster updates meant faster protection...

AI score 7.3
Exploits: 0
Packet Storm News
added 2025/07/18 12:00 a.m., 3 views

Developers Insight on Manifest V3 Privacy and Security Webextensions

Webextensions can improve web browser privacy, security, and user experience. The APIs offered by the browser to webextensions affect possible functionality. Currently, Chrome transitions to a modified set of APIs called Manifest v3. This paper studies the challenges and opportunities of Manifest...

AI score 6.8
Exploits: 0
Qualys Blog
added 2020/02/07 7:38 p.m., 240 views

New EOL QIDs for Microsoft Windows 7 and 2008/R2

Qualys Vulnerability Signature, version 2.4.815-2, will include EOL QIDs detections for end-of-life software for Windows 7, Windows 2008, and Windows 2008 R2. Customers will be able to scan the QIDs shown below using Qualys Vulnerability Management VM: QID 105859 - EOL/Obsolete Operating System:...

AI score 1.6
Exploits: 0