Lucene search
K

123 matches found

NVD
NVD
added 6 days ago6 views

CVE-2026-56288

GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk single block of changes in diff data structures, causing the application to pass a NULL pointer...

5.5CVSS0.00115EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/06 1:58 p.m.7 views

CVE-2026-50015

A flaw was found in pnpm. An attacker can exploit this by contributing a malicious patch file through a pull request. During the pnpm install process, the patch application pipeline fails to validate file paths extracted from these patch files. This allows the attacker to write or delete arbitrar...

7.3CVSS6.5AI score0.0027EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/26 10:59 p.m.7 views

EUVD-2026-39492

pnpm Vulnerable to Arbitrary File Write/Delete via Malicious Patch File Path Traversal...

7.3CVSS5.8AI score0.0027EPSS
Exploits1References2
NVD
NVD
added 2026/06/25 6:16 p.m.9 views

CVE-2026-50015

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline @pnpm/patch-package performs no path validation on file paths extracted from .patch files. An attacker who contributes a malicious patch file via a pull request can write attacker-controlled content to or...

7.3CVSS0.0027EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/25 4:52 p.m.21 views

CVE-2026-50015 pnpm: Arbitrary File Write/Delete via Malicious Patch File (Path Traversal)

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline @pnpm/patch-package performs no path validation on file paths extracted from .patch files. An attacker who contributes a malicious patch file via a pull request can write attacker-controlled content to or...

7.3CVSS0.0027EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 4:52 p.m.23 views

CVE-2026-50015

CVE-2026-50015 affects the pnpm package manager via its patch application pipeline (@pnpm/patch-package). The vulnerability arises because, prior to 10.34.0 and 11.4.0, patch file diff headers can contain traversals like ../../, and the pipeline performs no path validation on file paths extracted...

7.3CVSS6.1AI score0.0027EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/17 12:0 a.m.2 views

CVE-2026-39199

snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file...

2.9CVSS5.9AI score0.00125EPSS
Exploits0References5
CVE
CVE
added 2026/06/17 12:0 a.m.15 views

CVE-2026-39199

The CVE-2026-39199 entry affects snes9x 1.63 and describes an out-of-bounds write that leads to a denial of service when processing a crafted .ups patch file. The vulnerability is tied to the emulator’s handling of UP.patch data, causing a crash (DoS) when a malicious or malformed patch is loaded...

2.9CVSS5.2AI score0.00125EPSS
Exploits0References3
OSV
OSV
added 2026/04/21 9:24 a.m.4 views

SUSE-SU-2026:1519-1 Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Internal changes to fix build issues with no impact for customers spacecmd: - Version 5.1.13-0 Updated translation strings uyuni-tools: - Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc1252548 Ssl Key...

8.7CVSS5.7AI score0.00375EPSS
Exploits0References18
OSV
OSV
added 2026/03/03 6:16 p.m.5 views

CVE-2025-63910

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...

7.2CVSS6.2AI score0.00356EPSS
Exploits2References3
NVD
NVD
added 2026/03/03 6:16 p.m.5 views

CVE-2025-63910

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...

7.2CVSS0.00356EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/03/03 12:0 a.m.5 views

CVE-2025-63910

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...

7.2CVSS6.3AI score0.00356EPSS
Exploits2References3
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.8 views

Cohesity TranZman 安全漏洞

Cohesity TranZman is a data migration and recovery software developed by Cohesity Corporation. Version 4.0 Build 14614 of Cohesity TranZman contains a security vulnerability. This vulnerability arises from the upload of any file with authenticated access, potentially allowing attackers with...

7.2CVSS6.2AI score0.00356EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/03/03 12:0 a.m.5 views

CVE-2025-63910

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...

7.2CVSS6.3AI score0.00356EPSS
Exploits2References4
OSV
OSV
added 2026/02/12 3:26 p.m.9 views

CLSA-2026-1770909956 Fix CVE(s): CVE-2026-23876

SECURITY UPDATE: out of bounds write vulnerability in XBM decoder - debian/patches/CVE-2026-23876.patch: add overflow checks to prevent out of bounds write in coders/xbm.c - CVE-2026-23876...

9.8CVSS7.3AI score0.00609EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/04 7:32 p.m.30 views

CVE-2026-25143 melange affected by potential host command execution via license-check YAML mode patch pipeline

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

7.8CVSS0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/02/02 2:1 p.m.12 views

CLSA-2026-1770040871 Fix CVE(s): CVE-2023-4781

Fix CVE-2023-4781.patch - debian/patches/CVE-2023-4781.patch: patch winexchange instead of winrotate...

7.8CVSS7.2AI score0.00606EPSS
Exploits1References1
OSV
OSV
added 2026/01/22 2:0 p.m.5 views

CLSA-2026-1768989383 Fix CVE(s): CVE-2025-68973

SECURITY UPDATE: Possible memory corruption in the armor parser - debian/patches/CVE-2025-68973.patch: fix faulty double increment - CVE-2025-68973...

7.8CVSS6.8AI score0.00129EPSS
Exploits1References1
OSV
OSV
added 2026/01/13 10:40 a.m.8 views

CLSA-2026-1768300849 Fix CVE(s): CVE-2024-50349

SECURITY UPDATE: improper encoding or escaping of credential handling - debian/patches/CVE-2024-50349.patch: fix ANSI escape sequence vulnerability that occurs when asking for credentials interactively - CVE-2024-50349...

4.7CVSS5.8AI score0.00643EPSS
Exploits0References1
OSV
OSV
added 2026/01/12 1:34 p.m.10 views

CLSA-2026-1768224866 Fix CVE(s): CVE-2025-58436

SECURITY UPDATE: Possible DoS attack caused by a slow client communication - debian/patches/CVE-2025-58436.patch: fix unresponsive cupsd process caused by a slow client - CVE-2025-58436...

5.5CVSS6AI score0.00195EPSS
Exploits1References1
Rows per page
Query Builder