146 matches found
EUVD-2026-44763
The PackagerResolver of Apache Ivy is able to download online artifacts and to repackage them in a format defined by a packager.xml file. This repackaging is done by an Ant script, which is stored in a subdirectory of the configured "buildRoot" directory. This subdirectory is calculated based on...
CVE-2026-26032
The PackagerResolver of Apache Ivy is able to download online artifacts and to repackage them in a format defined by a packager.xml file. This repackaging is done by an Ant script, which is stored in a subdirectory of the configured "buildRoot" directory. This subdirectory is calculated based on...
CVE-2026-26032
Summary of CVE-2026-26032 (Apache Ivy): The PackagerResolver can repack downloaded artifacts via an Ant script in a subdirectory of buildRoot. If any Ivy coordinates contain "../" sequences, an attacker who can access a packager repository can escape the buildRoot and overwrite other files. The i...
gpac 缓冲区错误漏洞
GPAC MP4Box is a open-source multimedia packager developed by GPAC. It is primarily used for processing ISOBMF files such as MP4 and 3GP, but it can also be used for importing/exporting media from container files like AVI, MPG, MKV, and MPEG-2 TS. Version 2.4 of GPAC MP4Box contains a security...
GPAC MP4Box 异常处理不当漏洞
GPAC MP4Box is a multimedia packager. It is primarily used for processing ISOBMF files such as MP4 and 3GP, but it can also be used for importing/exporting media from container files like AVI, MPG, MKV, and MPEG-2 TS. Versions of GPAC MP4Box prior to 26.02.0 contained a security vulnerability...
MAL-2026-3574 Malicious code in @uipath/solution-packager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6487ed6520bb356b10f79e676ab8025235c19230de13836f08cf630171420426 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/project-packager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fdd50cfa0aae7619d6766f47b468fca17a04673407486d5c747f860c0c2e22b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3567 Malicious code in @uipath/project-packager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fdd50cfa0aae7619d6766f47b468fca17a04673407486d5c747f860c0c2e22b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-workflowcompiler-browser (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1592fda84153cb5e8d6559b95a932b4187fb3e4fe3d39f0bc0490547d72e3c5e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-webapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76aeb1a6159cbf098abccd70c3d3006fb763c2ef580545a64d87267a79705ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3563 Malicious code in @uipath/packager-tool-webapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76aeb1a6159cbf098abccd70c3d3006fb763c2ef580545a64d87267a79705ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-functions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ecd70af63416c44f0ddb62846ccd313a62afda6fb1664a7cc989789cd983a6cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3562 Malicious code in @uipath/packager-tool-functions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ecd70af63416c44f0ddb62846ccd313a62afda6fb1664a7cc989789cd983a6cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-flow (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14153c2050bb9ca128e3cc52251f2321826f0e288b065f37d74b5479a29cf70d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71f9d2ad382e0688b46186b2090090f9a0e6e67bac2e906f8242e93b60587c90 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3560 Malicious code in @uipath/packager-tool-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71f9d2ad382e0688b46186b2090090f9a0e6e67bac2e906f8242e93b60587c90 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-case (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ada59d259c9e6d817c3f2381a537459e5920f1869250c0aa9798c64089fbb8a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3559 Malicious code in @uipath/packager-tool-case (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ada59d259c9e6d817c3f2381a537459e5920f1869250c0aa9798c64089fbb8a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3557 Malicious code in @uipath/packager-tool-apiworkflow (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2532ba4b933b817782f96af980a35816630ae13b035f9c2e4c977517be3e961d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2026-40423
Name of the Vulnerable Software and Affected Versions Pulpy versions prior to 0.1.1 Description Pulpy injects a pulpy.fs JavaScript API into packaged web applications to provide host filesystem access. The validateFsPath function, intended to sandbox this access, contains an incomplete blocklist...