CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29 matches found

EUVD•added 2026/04/22 7:6 p.m.•1 views

EUVD-2026-25049

DDEV has ZipSlip path traversal in tar and zip archive extraction...

6.5CVSS5.7AI score0.00019EPSS

Exploits3References5

NVD•added 2026/04/22 5:16 p.m.•2 views

CVE-2026-32885

DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both Untar and Unzip functions in pkg/archive/archive.go. Downloads and extracts archives from remote sources without path validation. Version...

9.1CVSS0.00019EPSS

Exploits3References2

Vulnrichment•added 2026/04/22 4:54 p.m.•2 views

CVE-2026-32885 DDEV has ZipSlip path traversal in tar and zip archive extraction

6.5CVSS5.8AI score0.00019EPSS

Exploits3References2

ATTACKERKB•added 2026/04/22 4:54 p.m.•1 views

CVE-2026-32885

6.5CVSS5.8AI score0.00019EPSS

Exploits3References3Affected Software1

CVE•added 2026/04/22 4:54 p.m.•7 views

CVE-2026-32885

CVE-2026-32885 (DDEV ZipSlip) affects the DDEV project prior to v1.25.2. The vulnerability resides in the archive extraction routines (pkg/archive/archive.go) for both Untar() and Unzip(), which unzip/downloaded archives from remote sources without validating the extraction path. This enables pat...

9.1CVSS5.8AI score0.00019EPSS

Exploits3References2Affected Software1

Positive Technologies•added 2026/04/22 12:0 a.m.•4 views

PT-2026-34524

6.5CVSS5.8AI score0.00019EPSS

Exploits3References3

OSV•added 2026/03/20 7:46 a.m.•0 views

SUSE-SU-2026:0935-1 Security update for php-composer2

This update for php-composer2 fixes the following issues: CVE-2025-67746: Fixed ANSI control characters injection in the terminal output of various Composer commands via attacker controlled remote sources. bsc1255768...

5.3CVSS5.9AI score0.00018EPSS

Exploits0References3

Circl•added 2026/02/23 4:52 p.m.•1 views

CVE-2026-3015

creationtimestamp| type| source ---|---|--- 2026-02-23 16:52:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfk4fofhou27 2026-02-23 17:09:55+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfk5fjk4d32c 2026-02-24 21:00:15+00:00| seen|...

9CVSS8.2AI score0.00106EPSS

Exploits1References3

Amazon•added 2026/01/23 12:0 a.m.•8 views

Low: composer

Issue Overview: Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangle...

5.3CVSS5.6AI score0.00018EPSS

Exploits0

Tenable Nessus•added 2026/01/23 12:0 a.m.•3 views

Amazon Linux 2023 : composer (ALAS2023-2026-1365)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1365 advisory. Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI contro...

5.3CVSS6AI score0.00018EPSS

Exploits0References4

SUSE CVE•added 2026/01/01 12:24 a.m.•1 views

SUSE CVE-2025-67746

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

3.3CVSS6.7AI score0.00018EPSS

Exploits0References7

Github Security Blog•added 2025/12/30 5:44 p.m.•5 views

Composer is vulnerable to ANSI sequence injection

Impact Attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and potentially leading to confusion or DoS of the terminal application. There is no proven exploit...

5.3CVSS6.8AI score0.00018EPSS

Exploits0References7Affected Software1

OSV•added 2025/12/30 5:44 p.m.•2 views

GHSA-59PP-R3RG-353G Composer is vulnerable to ANSI sequence injection

5.1CVSS6.7AI score0.00018EPSS

Exploits0References7

NVD•added 2025/12/30 4:15 p.m.•1 views

CVE-2025-67746

5.3CVSS0.00018EPSS

Exploits0References5

UbuntuCve•added 2025/12/30 4:15 p.m.•3 views

CVE-2025-67746

5.3CVSS5.9AI score0.00018EPSS

Exploits0References6

Cvelist•added 2025/12/30 4:11 p.m.•20 views

CVE-2025-67746 Composer vulnerable to ANSI sequence injection

5.3CVSS0.00018EPSS

Exploits0References5

CVE•added 2025/12/30 4:11 p.m.•7 views

CVE-2025-67746

Composer 2.x is vulnerable to ANSI sequence injection in terminal output when downloading from remote sources. Affected: 2.2.x before 2.2.26 and 2.9.x before 2.9.3. Root cause: remote sources can inject ANSI control characters into command output, potentially causing mangled output and terminal D...

5.3CVSS6.3AI score0.00018EPSS

Exploits0References5Affected Software1