
124 matches found

Github Security Blog
added 2026/06/11 1:25 p.m., 9 views

PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing

Summary PDM automatically loads project-local plugin paths from .pdm-plugins during Core initialization. Because this path is added via site.addsitedir, attacker-controlled .pth files inside the project plugin directory are processed and can execute Python code before normal CLI handling begins...

AI score: 6.3, EPSS: 0.00028
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2026/06/10 8:33 p.m., 5 views

GHSA-78V8-VPJP-CJQH PDM wheel installation leads to Path Traversal via overridden write_to_fs

InstallDestination.write_to_fs in src/pdm/installers/installers.py overrides the base class to add symlink/hardlink support but replaces the safe path_with_destdir, which validates via Path.resolve + is_relative_to, with a bare os.path.join that performs no path validation. A malicious wheel with travers...

CVSS: 7.1, AI score: 5.6, EPSS: 0.00047
Exploits: 0, References: 4
Github Security Blog
added 2026/06/10 8:32 p.m., 17 views

PDM: Project-Local State and Config Writes Follow Symlinks

Summary PDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets. This creates an arbitrary file clobber primitive relative to the privileges of the...

AI score: 5.9, EPSS: 0.00024
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2026/06/10 12:00 a.m., 7 views

PT-2026-48601

Name of the Vulnerable Software and Affected Versions pdm versions prior to 2.28.0 Description The write_to_fs function in the InstallDestination class fails to properly validate file paths when adding symlink or hardlink support. It replaces the secure path_with_destdir method, which uses...

CVSS: 7.1, AI score: 5.6, EPSS: 0.00047
Exploits: 0, References: 9
Positive Technologies
added 2026/06/10 12:00 a.m., 11 views

PT-2026-48600

Name of the Vulnerable Software and Affected Versions PDM versions prior to 2.28.0-1.1 Description PDM writes project-local state and configuration files without symlink protection, allowing a malicious repository to use symlinks to overwrite files outside the repository root. This creates an...

CVSS: 6.8, AI score: 5.9, EPSS: 0.00024
Exploits: 0, References: 8
NVD
added 2026/05/04 5:16 a.m., 12 views

CVE-2026-7727

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be...

CVSS: 7.5, EPSS: 0.00259
Exploits: 0, References: 5
EUVD
added 2026/05/04 3:15 a.m., 7 views

EUVD-2026-26881

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00259
Exploits: 0, References: 5
Cvelist
added 2026/05/04 3:15 a.m., 49 views

CVE-2026-7727 Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be...

CVSS: 7.5, EPSS: 0.00259
Exploits: 0, References: 5
ATTACKERKB
added 2026/05/04 3:15 a.m., 3 views

CVE-2026-7727

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00259
Exploits: 0, References: 6, Affected Software: 1
Positive Technologies
added 2026/05/04 12:00 a.m., 10 views

PT-2026-36756

Name of the Vulnerable Software and Affected Versions Shandong Hoteam Software PDM Product Data Management System versions prior to 8.3.10 Description A remote SQL injection can be initiated through the manipulation of the SortOrder argument. This issue affects the GetQueryMachineGridOnePageData...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00259
Exploits: 0, References: 9
SUSE CVE
added 2026/02/16 12:25 a.m., 2 views

SUSE CVE-2026-23190

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops...

CVSS: 5.5, AI score: 5.2, EPSS: 0.00114
Exploits: 0, References: 19
UbuntuCve
added 2026/02/14 5:15 p.m., 4 views

CVE-2026-23190

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00114
Exploits: 0, References: 15
Cvelist
added 2026/02/14 4:27 p.m., 22 views

CVE-2026-23190 ASoC: amd: fix memory leak in acp3x pdm dma ops

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops...

EPSS: 0.00114
Exploits: 0, References: 7
ATTACKERKB
added 2026/02/14 4:27 p.m., 4 views

CVE-2026-23190

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops...

AI score: 5.2, EPSS: 0.00114
Exploits: 0, References: 8, Affected Software: 1
RedhatCVE
added 2026/01/09 12:29 p.m., 3 views

CVE-2023-40955

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/baseclient.py componen...

CVSS: 8.8, AI score: 8.7, EPSS: 0.01075
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 11:23 a.m., 4 views

CVE-2021-31894

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier All versions, SIMATIC PCS 7 V9.X All versions V9.1 SP2, SIMATIC PDM All versions V9.2 SP2, SIMATIC STEP 7 V5.X All versions V5.7, SINAMICS STARTER containing STEP 7 OEM version All versions V5.4 SP2 HF1. A directory containing...

CVSS: 8.8, AI score: 6.9, EPSS: 0.00228
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2012-1839

Malware in sbrugna...

CVSS: 3.5, AI score: 6.4, EPSS: 0.01112
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2012-1837

Malware in sbrugna...

CVSS: 6.5, AI score: 6.4, EPSS: 0.01574
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2012-1838

Malware in sbrugna...

CVSS: 6.5, AI score: 6.2, EPSS: 0.01574
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-18769

Malware in sbrugna...

CVSS: 8.8, AI score: 8.2, EPSS: 0.00228
Exploits: 0, References: 2