595393 matches found
EUVD-2026-39487
pnpm: stage download writes outside its destination directory via manifest name/version traversal...
EUVD-2026-39484
pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes...
EUVD-2026-39483
pnpm: Repository-controlled configDependencies can select a pacquet native install engine...
EUVD-2026-39488
pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: tigera-operator, helm, nerdctl, terraform, k3s, argo-workflows-fips, kubescape-server, traefik, gitea-fips, omnictl-multiarch, k9s-fips, kubescape-server-fips, external-dns, opentofu, knative-kafka-broker, skaffold-fips, drone, trivy-operator, minio-fips, kaf,...
GHSA-M578-W5VF-RFCM vulnerabilities
Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset...
GHSA-9PPP-W3G4-FH4Q vulnerabilities
Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset...
GHSA-3V45-F3VH-WG7M vulnerabilities
Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset...
CVE-2026-54903 vulnerabilities
Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset...
GHSA-MPWR-8VM7-H73F vulnerabilities
Vulnerabilities for packages: nfpm, cert-manager, nuclei, x509-certificate-exporter, splunk-otel-collector, goreleaser...
CVE-2026-30405 vulnerabilities
Vulnerabilities for packages: kube-vip...
GHSA-PWFV-328H-75X9 vulnerabilities
Vulnerabilities for packages: filebrowser, mailpit, mattermost...
CVE-2026-46602 vulnerabilities
Vulnerabilities for packages: filebrowser, mailpit, mattermost...
CVE-2026-44736
OpenProject vulnerability CVE-2026-44736 affects the OpenProject web-based project management platform. The flaw exists in the GET /api/v3/relations endpoint prior to version 17.4.0, allowing any authenticated user to retrieve relations and the titles of work packages they should not have permiss...
CVE-2026-52785
OpenProject prior to versions 17.3.3 and 17.4.1 contains a SQL injection in the timestamps functionality. The vulnerability is tied to the baseline comparison feature, where the timestamps parameter can be used to request historic work-package attributes. The issue is fixed in 17.3.3 and 17.4.1. ...
Jan v0.4.12 'readFileSync' - Path Traversal
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface. id: CVE-2024-36857 info: name: Jan v0.4.12 'readFileSync' - Path Traversal author: Yusuf Amr severity: high description: | Jan v0.4.12 was discovered to contain an arbitrary file rea...
CVE-2026-57518
Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction. Attackers can...
CVE-2026-57518
Pagekit CMS 1.0.18 contains a privilege escalation flaw in UserApiController::saveAction(). Authenticated users with the 'user: manage users' permission can assign arbitrary custom roles to themselves, including roles with 'system: manage packages' permission, enabling them to upload and install ...
EUVD-2026-39795
Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction. Attackers can...