
5 matches found

Positive Technologies
added 2026/06/16 12:0 a.m. | 25 views

PT-2026-50147

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 2.7.12. Description: When running in BYONM mode (nodeModulesDir: "manual"), the module resolver fails to validate that a package's resolved entrypoint remains within its node modules// directory. A malicious package.json...

CVSS 5.5 | AI score 6 | EPSS 0.00135
Exploits: 1 | References: 4
SUSE CVE
added 2026/01/28 12:24 a.m. | 3 views

SUSE CVE-2026-24131

pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory,...

CVSS 6.7 | AI score 6 | EPSS 0.00244
Exploits: 1 | References: 3
CVE
added 2026/01/26 10:3 p.m. | 20 views

CVE-2026-24131

CVE-2026-24131 concerns pnpm, a package manager. Before version 10.28.2, processing a package’s directories.bin field could join a path without ensuring it stayed under the package root, enabling a crafted package to escape the package and chmod files at arbitrary locations on Unix-like systems. ...

CVSS 6.7 | AI score 6 | EPSS 0.00244
Exploits: 1 | References: 3 | Affected Software: 1
AlpineLinux
added 2026/01/26 10:3 p.m. | 7 views

CVE-2026-24131

pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory,...

CVSS 6.7 | AI score 6 | EPSS 0.00244
Exploits: 1
Positive Technologies
added 2026/01/26 12:0 a.m. | 4 views

PT-2026-4829

Name of the Vulnerable Software and Affected Versions: pnpm versions prior to 10.28.2. Description: pnpm, a package manager, is susceptible to a file permission issue when processing the directories.bin field within a package. A malicious npm package can manipulate this field, specifically by using...

CVSS 6.7 | AI score 6.1 | EPSS 0.00244
Exploits: 1 | References: 11