Lucene search
+L

127 matches found

osv
osv
added 2026/06/26 7:50 a.m.4 views

OPENSUSE-SU-2026:21161-1 Security update for python-pdm

This update for python-pdm fixes the following issues: Changes in python-pdm: - CVE-2026-47763: Do not follow symlinks when writing config files bsc1268384 - CVE-2026-47763: Do not write to paths outside the scheme dir bsc1268385 - CVE-2026-47781: Update plugin installation path to use...

5.8AI score0.00047EPSS
Exploits0References6
osv
osv
added 2026/06/25 12:0 a.m.2 views

OPENSUSE-SU-2026:11124-1 python311-pdm-2.28.0-1.1 on GA media

These are all security issues fixed in the python311-pdm-2.28.0-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score0.00047EPSS
Exploits0References3
astralinux
astralinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fixed a memory leak in acp3x pdm DMA operations...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References2
github
github
added 2026/06/11 1:25 p.m.11 views

PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing

Summary PDM automatically loads project-local plugin paths from .pdm-plugins during Core initialization. Because this path is added via site.addsitedir, attacker-controlled .pth files inside the project plugin directory are processed and can execute Python code before normal CLI handling begins...

6.3AI score0.00028EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/06/10 8:33 p.m.6 views

GHSA-78V8-VPJP-CJQH PDM wheel installation leads to Path Traversal via overridden write_to_fs

InstallDestination.writetofs in src/pdm/installers/installers.py overrides the base class to add symlink/hardlink support but replaces the safe pathwithdestdir which validates via Path.resolve + isrelativeto with a bare os.path.join that performs no path validation. A malicious wheel with travers...

7.1CVSS5.6AI score0.00047EPSS
Exploits0References4
github
github
added 2026/06/10 8:32 p.m.21 views

PDM: Project-Local State and Config Writes Follow Symlinks

Summary PDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets. This creates an arbitrary file clobber primitive relative to the privileges of the...

5.9AI score0.00024EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.68 views

PT-2026-48600

Name of the Vulnerable Software and Affected Versions PDM versions prior to 2.28.0-1.1 Description PDM writes project-local state and configuration files without symlink protection, allowing a malicious repository to use symlinks to overwrite files outside the repository root. This creates an...

6.8CVSS6AI score0.00024EPSS
Exploits0References16
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.13 views

PT-2026-48601

Name of the Vulnerable Software and Affected Versions pdm versions prior to 2.28.0 Description The write to fs function in the InstallDestination class fails to properly validate file paths when adding symlink or hardlink support. It replaces the secure path with destdir method, which uses...

7.1CVSS5.9AI score0.00047EPSS
Exploits0References17
nvd
nvd
added 2026/05/04 5:16 a.m.19 views

CVE-2026-7727

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be...

7.5CVSS0.00259EPSS
Exploits0References5
euvd
euvd
added 2026/05/04 3:15 a.m.10 views

EUVD-2026-26881

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be...

7.5CVSS5.7AI score0.00259EPSS
Exploits0References5
cvelist
cvelist
added 2026/05/04 3:15 a.m.52 views

CVE-2026-7727 Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be...

7.5CVSS0.00259EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/05/04 3:15 a.m.4 views

CVE-2026-7727

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References6Affected Software1
ptsecurity
ptsecurity
added 2026/05/04 12:0 a.m.18 views

PT-2026-36756

Name of the Vulnerable Software and Affected Versions Shandong Hoteam Software PDM Product Data Management System versions prior to 8.3.10 Description A remote SQL injection can be initiated through the manipulation of the SortOrder argument. This issue affects the GetQueryMachineGridOnePageData...

7.5CVSS7.1AI score0.00259EPSS
Exploits0References9
susecve
susecve
added 2026/02/16 12:25 a.m.5 views

SUSE CVE-2026-23190

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops...

5.5CVSS5.2AI score0.00114EPSS
Exploits0References19
ubuntucve
ubuntucve
added 2026/02/14 5:15 p.m.7 views

CVE-2026-23190

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References23
attackerkb
attackerkb
added 2026/02/14 4:27 p.m.5 views

CVE-2026-23190

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops...

5.2AI score0.00114EPSS
Exploits0References8Affected Software1
cvelist
cvelist
added 2026/02/14 4:27 p.m.27 views

CVE-2026-23190 ASoC: amd: fix memory leak in acp3x pdm dma ops

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops...

0.00114EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/01/09 12:29 p.m.5 views

CVE-2023-40955

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/baseclient.py componen...

8.8CVSS8.7AI score0.01075EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 11:23 a.m.5 views

CVE-2021-31894

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier All versions, SIMATIC PCS 7 V9.X All versions V9.1 SP2, SIMATIC PDM All versions V9.2 SP2, SIMATIC STEP 7 V5.X All versions V5.7, SINAMICS STARTER containing STEP 7 OEM version All versions V5.4 SP2 HF1. A directory containing...

8.8CVSS6.9AI score0.00228EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2012-1838

Malware in sbrugna...

6.5CVSS6.2AI score0.01574EPSS
Exploits0References5
Rows per page
Query Builder