134 matches found
UBUNTU-CVE-2026-46644
insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...
Linux Distros Unpatched Vulnerability : CVE-2026-46644
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form CVE-2026-46644 Note that Nessus relies ...
CVE-2026-46644
insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...
Incorrect Comparison
Overview Affected versions of this package are vulnerable to Incorrect Comparison in the process function in Idn.php, which does not necessarily treat xn-- labeled input as punycode, if it contains only ASCII. This case was overlooked in the specification until UTS 46 revision 33, when it was...
CVE-2026-46644
insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...
CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence
More info at https://symfony.com/cve-2026-46644...
PT-2026-43392
Name of the Vulnerable Software and Affected Versions symfony/polyfill-intl-idn versions prior to 1.x Description The Idn::process function fails to enforce the validity criterion defined in UTS 46 revision 33 Section 4 step 4.1.2. Specifically, it does not verify that a label prefixed with xn--...
[SECURITY] Fedora 44 Update: rust-podman-sequoia-0.3.2-2.fc44
A polyfill to use Sequoia as a signing backend for containers...
MAL-2026-3009 Malicious code in rollup-plugin-polyfill-route (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae32c5ba788989f856ede10fa991e6dafa8d9263b0f5fc7384c69fba97e41d4a The package rollup-plugin-polyfill-route was found to contain malicious code. Source: ghsa-malware...
Malicious code in rollup-plugin-polyfill-route (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae32c5ba788989f856ede10fa991e6dafa8d9263b0f5fc7384c69fba97e41d4a The package rollup-plugin-polyfill-route was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview rollup-plugin-polyfill-route is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-1979 Malicious code in rollup-plugin-polyfill-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 985c6e7bc0975c513137b35a6dca07cf02aa2b87444716244933ca17d56c6bd2 The package rollup-plugin-polyfill-utils was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview rollup-plugin-polyfill-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in rollup-plugin-polyfill-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 985c6e7bc0975c513137b35a6dca07cf02aa2b87444716244933ca17d56c6bd2 The package rollup-plugin-polyfill-utils was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview rollup-plugin-polyfill-build is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-1967 Malicious code in rollup-plugin-polyfill-build (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66951e7a327d1fc859d6225c197895d0366cbe1dcb33f3fcf4879b223211a76a The package rollup-plugin-polyfill-build was found to contain malicious code. Source: ghsa-malware...
Malicious code in rollup-plugin-polyfill-build (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66951e7a327d1fc859d6225c197895d0366cbe1dcb33f3fcf4879b223211a76a The package rollup-plugin-polyfill-build was found to contain malicious code. Source: ghsa-malware...
SUSE CVE-2026-32260
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...
CVE-2026-32260
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...
CVE-2026-32260 Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...