10 matches found

ATTACKERKB
added 2026/06/23 7:22 p.m. | 4 views

CVE-2026-54325

Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules loaded...

CVSS 4.4 | AI score 6 | EPSS 0.00118
Exploits 0 | References 8 | Affected Software 1

CVE
added 2026/06/23 7:22 p.m. | 14 views

CVE-2026-54325

Pi loads project-local extensions without approval in versions before 0.79.0. Before 0.79.0, startup could pull in repository-specific resources from a .pi directory, including executable project-local extensions (TypeScript/JavaScript modules) that run inside the Pi process. An attacker controll...

CVSS 4.4 | AI score 6 | EPSS 0.00118
Exploits 0 | References 7

Positive Technologies
added 2026/06/17 12:0 a.m. | 16 views

PT-2026-50492

Name of the Vulnerable Software and Affected Versions Pi versions prior to 0.79.0 Description Pi loaded project-local configuration and resources from a repository's .pi directory, including executable TypeScript or JavaScript modules known as project-local extensions, without requiring the user ...

CVSS 4.4 | AI score 6.3 | EPSS 0.00118
Exploits 0 | References 13

Cvelist
added 2026/05/12 12:12 a.m. | 59 views

CVE-2026-45321 Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...

CVSS 9.6 | EPSS 0.02342
Exploits 3 | References 4

SUSE CVE
added 2023/02/15 5:37 a.m. | 18 views

SUSE CVE-2013-3704

The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a...

CVSS 4.3 | AI score 6.9 | EPSS 0.01533
Exploits 0 | References 5

NVD
added 2020/11/07 4:15 a.m. | 24 views

CVE-2020-16122

PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...

CVSS 8.2 | AI score 8 | EPSS 0.00335
Exploits 0 | References 1

OSV
added 2020/11/07 4:15 a.m. | 3 views

DEBIAN-CVE-2020-16122

PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...

CVSS 7.8 | AI score 7.6 | EPSS 0.00335
Exploits 0 | References 1

Prion
added 2020/11/07 4:15 a.m. | 25 views

Design/Logic Flaw

PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...

CVSS 2.1 | AI score 7.4 | EPSS 0.00335
Exploits 0 | References 1 | Affected Software 1

UbuntuCve
added 2020/06/13 1:14 a.m. | 25 views

CVE-2020-16122

PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...

CVSS 8.2 | AI score 7.1 | EPSS 0.00335
Exploits 0 | References 2

OSV
added 2020/06/13 1:14 a.m. | 2 views

UBUNTU-CVE-2020-16122

PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...

CVSS 8.2 | AI score 7.1 | EPSS 0.00335
Exploits 0 | References 3