Lucene search
+L

4 matches found

Cvelist
Cvelist
added 2026/06/25 5:0 p.m.32 views

CVE-2026-55180 pnpm: Repository config can expand victim environment secrets into registry requests before scripts run

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded $ENVVAR placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim...

6.5CVSS0.00212EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 5:0 p.m.31 views

CVE-2026-55180

CVE-2026-55180 affects pnpm before 10.34.2 and 11.5.3. The issue arises when pnpm and related configuration (repository-controlled .npmrc and pnpm-workspace.yaml) expand ${ENV_VAR} placeholders into registry request destinations and registry credentials. This can cause dependency resolution to se...

6.5CVSS5.8AI score0.00212EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/28 4:10 p.m.32 views

CVE-2026-44465 Zed: Zed IDE Arbitrary Code Execution via untrusted repository with poisoned .git/config

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...

8.6CVSS0.00297EPSS
Exploits1References1
RustSec
RustSec
added 2024/08/31 12:0 p.m.9 views

gix-path uses local config across repos when it is the highest scope

Summary gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped configuration is found. In rare cases, this causes a less trusted repository to be...

2.5CVSS6.2AI score0.00244EPSS
Exploits0Affected Software1
Rows per page
Query Builder