Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-55849

@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npmexecpath is unset or empty, allowing arbitrary OS command execution with the privileg...

8.5CVSS6.2AI score0.0016EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2 days ago18 views

CVE-2026-55849

The CVE affects @cyclonedx/cyclonedx-npm: from 2.1.0 up to 5.0.0, the CLI passes user-supplied --workspace values to a subshell when npm_execpath is unset or empty, enabling arbitrary OS command execution with the invoking user’s privileges. Root cause is unsanitized input used in a shell command...

8.5CVSS6.2AI score0.0016EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.34 views

PT-2026-51119

Name of the Vulnerable Software and Affected Versions @cyclonedx/cyclonedx-npm versions 2.1.0 through 4.x Description Command injection occurs when the CLI is invoked with the --workspace option while the environment variable npm execpath is unset or empty. In this scenario, user-supplied values...

8.5CVSS6.2AI score0.0016EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.10 views

PT-2026-49763

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.29 Description A path traversal issue exists in the install helper where workspace .env files can override the npm execpath configuration used for bundled runtime dependency installation. This allows an attack...

7.1CVSS5.4AI score0.00118EPSS
Exploits0References5
Rows per page
Query Builder