10 matches found
CVE-2026-54325
Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules loaded...
CVE-2026-54325
Pi loads project-local extensions without approval in versions before 0.79.0. Before 0.79.0, startup could pull in repository-specific resources from a .pi directory, including executable project-local extensions (TypeScript/JavaScript modules) that run inside the Pi process. An attacker controll...
PT-2026-50492
Name of the Vulnerable Software and Affected Versions Pi versions prior to 0.79.0 Description Pi loaded project-local configuration and resources from a repository's .pi directory, including executable TypeScript or JavaScript modules known as project-local extensions, without requiring the user ...
CVE-2026-45321 Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...
SUSE CVE-2013-3704
The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a...
CVE-2020-16122
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...
DEBIAN-CVE-2020-16122
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...
Design/Logic Flaw
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...
CVE-2020-16122
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...
UBUNTU-CVE-2020-16122
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...