48 matches found

Positive Technologies
added 2026/05/27 12:00 a.m. · 4 views

PT-2026-44160

Summary: The compliance-trestle library's remote fetching cache mechanism HTTPSFetcher and SFTPFetcher constructs the local cache file path from the URL path component without sanitizing path traversal sequences ../. When a remote OSCAL profile references a URL with traversal in its path, the HTTP...

CVSS 7.1 · AI score 6.4
Exploits: 0 · References: 5
NVD
added 2026/05/15 4:16 p.m. · 4 views

CVE-2026-45773

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a...

CVSS 6.5 · EPSS 0.00021
Exploits: 0 · References: 1
Cvelist
added 2026/05/15 3:51 p.m. · 35 views

CVE-2026-45773 Turborepo: Login callback CSRF/session fixation

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a...

CVSS 5.1 · EPSS 0.00021
Exploits: 0 · References: 1
SUSE CVE
added 2026/03/31 11:27 p.m. · 2 views

SUSE CVE-2026-34042

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act's built-in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it, including someone anywhere on the internet, to create caches with arbitrary keys and...

CVSS 8.2 · AI score 6.4 · EPSS 0.00021
Exploits: 0 · References: 5
CVE
added 2026/03/31 1:46 a.m. · 7 views

CVE-2026-34042

act: The CVE-2026-34042 flaw in the act project’s actions/cache server lets connections from any interface create caches with arbitrary keys and read existing caches, potentially enabling arbitrary remote code execution inside the local Docker container. The issue stems from listening on all inte...

CVSS 8.2 · AI score 6.4 · EPSS 0.00021
Exploits: 0 · References: 4
OSV
added 2026/03/31 1:46 a.m. · 2 views

CVE-2026-34042 act: actions/cache server allows malicious cache injection

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act's built-in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it, including someone anywhere on the internet, to create caches with arbitrary keys and...

CVSS 8.2 · AI score 6.4 · EPSS 0.00021
Exploits: 0 · References: 6
Rosalinux
added 2026/02/16 12:24 p.m. · 7 views

Advisory ROSA-SA-2026-3203

Software: unbound 1.16.2 · OS: ROSA Virtualization 2.1 · unaffected versions = unbound-1.16.2-5.9.rv3 · affected versions unbound-1.16.2-5.9.rv3 · CVE-ID: CVE-2025-5994 · BDU-ID: 2025-12600 · CVE-Crit: HIGH · CVE-DESC.: A vulnerability in the Unbound DNS server is related to the loading of external unreliable...

CVSS 8.7 · AI score 6.5 · EPSS 0.00235
Exploits: 0
Rosalinux
added 2026/02/16 7:27 a.m. · 4 views

Advisory ROSA-SA-2026-3165

Software: unbound 1.16.2 · OS: ROSA Virtualization 3.1 · unaffected versions = unbound-1.16.2-5.9.rv31 · affected versions unbound-1.16.2-5.9.rv31 · CVE-ID: CVE-2025-5994 · BDU-ID: 2025-12600 · CVE-Crit: HIGH · CVE-DESC.: A vulnerability in the Unbound DNS server is related to the loading of external unreliabl...

CVSS 8.7 · AI score 6.4 · EPSS 0.00235
Exploits: 0
Fedora
added 2026/02/10 1:34 a.m. · 3 views

[SECURITY] Fedora 43 Update: rust-sccache-0.13.0-3.fc43

Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage...

CVSS 7.5 · AI score 5.6 · EPSS 0.0004
Exploits: 1
OSV
added 2025/11/07 12:30 p.m. · 1 views

OESA-2025-2632 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: SUNRPC: make sure cache entry active before cacheshow The function cshow was called with protection from RCU. This only ensures that cp will not be freed...

CVSS 7.8 · AI score 7.6 · EPSS 0.00097
Exploits: 0 · References: 10
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-17809

Malicious code in bioql PyPI...

CVSS 9.4 · AI score 6.6 · EPSS 0.00168
Exploits: 0 · References: 2
RedhatCVE
added 2025/06/12 8:22 p.m. · 3 views

CVE-2025-36852

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache such as those using Amazon S3, Google Cloud Storage, or similar object storage that allows any contributor with pull request privileges to inject compromised artifacts...

CVSS 9.4 · AI score 6.6 · EPSS 0.00168
Exploits: 0 · References: 1
Github Security Blog
added 2025/06/10 9:31 p.m. · 3 views

@nx/azure-cache Vulnerable to Build Cache Poisoning via Untrusted Pull Requests

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache such as those using Amazon S3, Google Cloud Storage, or similar object storage that allows any contributor with pull request privileges to inject compromised artifacts...

CVSS 9.4 · AI score 7 · EPSS 0.00168
Exploits: 0 · References: 5 · Affected software: 1
OSV
added 2025/06/10 9:31 p.m. · 1 views

GHSA-RRR2-JCR8-7Q3X @nx/azure-cache Vulnerable to Build Cache Poisoning via Untrusted Pull Requests

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache such as those using Amazon S3, Google Cloud Storage, or similar object storage that allows any contributor with pull request privileges to inject compromised artifacts...

CVSS 9.4 · AI score 7 · EPSS 0.00168
Exploits: 0 · References: 5
NVD
added 2025/06/10 8:15 p.m. · 6 views

CVE-2025-36852

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache such as those using Amazon S3, Google Cloud Storage, or similar object storage that allows any contributor with pull request privileges to inject compromised artifacts...

CVSS 9.4 · EPSS 0.00168
Exploits: 0 · References: 1
CVE
added 2025/06/10 7:23 p.m. · 48 views

CVE-2025-36852

CVE-2025-36852 describes a critical vulnerability in remote cache extensions used by build systems with bucket-based remote caches (e.g., Amazon S3, Google Cloud Storage). The issue allows contributors with pull request privileges to inject compromised artifacts from untrusted environments into t...

CVSS 9.4 · AI score 7.2 · EPSS 0.00168
Exploits: 0 · References: 1
Cvelist
added 2025/06/10 7:23 p.m. · 29 views

CVE-2025-36852 Build Cache Poisoning via Untrusted Pull Requests

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache such as those using Amazon S3, Google Cloud Storage, or similar object storage that allows any contributor with pull request privileges to inject compromised artifacts...

CVSS 9.4 · EPSS 0.00168
Exploits: 0 · References: 1
Vulnrichment
added 2025/06/10 7:23 p.m. · 4 views

CVE-2025-36852 Build Cache Poisoning via Untrusted Pull Requests

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache such as those using Amazon S3, Google Cloud Storage, or similar object storage that allows any contributor with pull request privileges to inject compromised artifacts...

CVSS 9.4 · AI score 6.6 · EPSS 0.00168
Exploits: 0 · References: 1
Positive Technologies
added 2025/06/10 12:00 a.m. · 2 views

PT-2025-24926 · Nx +1 · Aws S3 Remote Cache Plugin For Nx +6

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A critical security issue exists in remote cache extensions for common build systems that utilize bucket-based remote cache, such as those using Amazon S3 or Google Cloud Storage. This issue...

CVSS 9.4 · AI score 6.2 · EPSS 0.00168
Exploits: 0 · References: 9
CNNVD
added 2025/06/10 12:00 a.m. · 2 views

Nx security vulnerability

Nx is an application from Nx, Inc. A security vulnerability exists in Nx that stems from a design flaw in the bucket-based remote cache that could lead to the injection of compromised artifacts into a trusted production environment...

CVSS 9.4 · AI score 6.8 · EPSS 0.00168
Exploits: 0 · References: 3