Lucene search
K

2088 matches found

NVD
NVD
added last week6 views

CVE-2026-59196

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fix...

7.1CVSS0.00262EPSS
Exploits1References1
CVE
CVE
added last week15 views

CVE-2026-59196

pnpm is vulnerable prior to versions 10.34.4 and 11.7.0 due to a crafted lockfile alias that can be joined under a hoisted node_modules directory, enabling traversal aliases to escape the directory and reserved aliases like .bin or .pnpm to overwrite pnpm-owned layout. The fixed versions are 10.3...

7.1CVSS5.9AI score0.00262EPSS
Exploits1References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/07/03 3:4 a.m.4 views

SUSE CVE-2026-53338

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...

5.8AI score0.00154EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.17 views

PT-2026-55313

Name of the Vulnerable Software and Affected Versions fast-mcp-telegram versions prior to 0.19.1 Description fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. While the verifier rejects the exact reserved token telegram, it fails to reject pa...

9.4CVSS6AI score0.00423EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53338

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by...

6AI score0.00154EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 12:0 a.m.12 views

UBUNTU-CVE-2026-53338

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...

5.7AI score0.00154EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/01 1:32 p.m.6 views

CVE-2026-53338

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...

5.7AI score0.00154EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/07/01 1:32 p.m.6 views

EUVD-2026-40972

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...

5.8AI score0.00154EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/01 1:32 p.m.5 views

CVE-2026-53338

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...

5.7AI score0.00154EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/29 9:58 a.m.5 views

CVE-2026-53288

A flaw was found in the Linux kernel, affecting systems running on the arm64 architecture. This vulnerability occurs during the early kernel mapping process, where an insufficient number of pages are reserved for kernel segments. This can lead to an overflow of data into adjacent memory pages,...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References4
OSV
OSV
added 2026/06/27 12:2 a.m.5 views

GHSA-FR4H-3CPH-29XV pnpm: Hoisted install imports lockfile alias outside node_modules

Summary The hoisted dependency alias issue tracked as GHSA-fr4h-3cph-29xv / CAND-PNPM-059 has been addressed in both pnpm and pacquet. A crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases suc...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References2
OSV
OSV
added 2026/06/26 8:17 p.m.2 views

DEBIAN-CVE-2026-53304

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Resolve soft lockup issue when opening /dev/sgX The parameter defreservedsize defines the default buffer size reserved for each Sgfd and should be restricted to a range between 0 and 1,048,576 see...

5.5CVSS5.8AI score0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 7:41 p.m.6 views

EUVD-2026-39839

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Resolve soft lockup issue when opening /dev/sgX The parameter defreservedsize defines the default buffer size reserved for each Sgfd and should be restricted to a range between 0 and 1,048,576 see...

5.9AI score0.00101EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:41 p.m.7 views

CVE-2026-53304

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Resolve soft lockup issue when opening /dev/sgX The parameter defreservedsize defines the default buffer size reserved for each Sgfd and should be restricted to a range between 0 and 1,048,576 see...

5.8AI score0.00101EPSS
Exploits0References9Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52943

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A soft lockup occurs when opening /dev/sgX due to improper validation of the def reserved size module parameter. While the sg proc write dressz function enforces a size limit between 0 a...

5.5CVSS5.8AI score0.00101EPSS
Exploits0References21
Cvelist
Cvelist
added 2026/06/25 4:44 p.m.23 views

CVE-2026-55699 pnpm: reserved bin name deletes PNPM_HOME during global remove

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest a...

6.5CVSS0.00286EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 4:44 p.m.22 views

CVE-2026-55699

CVE-2026-55699 affects pnpm. Prior to versions 10.34.2 and 11.5.3, manifest bin object keys such as "", ".", and ".." could bypass the bin-name guard. In a scenario where a malicious global package is installed, downstream global remove/update/add-replacement flows could re-derive those names and...

6.5CVSS5.9AI score0.00286EPSS
Exploits1References1Affected Software1
F5 Networks
F5 Networks
added 2026/06/25 4:17 p.m.8 views

K000161911: Node.js vulnerability CVE-2026-48936

Security Advisory Description A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26. CVE-2026-48936 Impact There is no impact; F5 products are not...

3.3CVSS6AI score0.00154EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: A overflow issue was identified in IOMMUTESTOPADDRESERVED. syzkaller discovered that this could lead to an overflow in the test infrastructure and cause a WARN message by corrupting the reserved interval tree...

7.8CVSS5.8AI score0.00182EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 5:47 p.m.58 views

CVE-2020-9713

CVE-2020-9713 is an out-of-bounds read (CWE-125) in Adobe Acrobat and Reader. Affected are versions including 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier. The vulnerability could disclose sensitive memory and requires user interaction (vi...

5.5CVSS5.7AI score0.00185EPSS
Exploits0References1Affected Software3
Rows per page
Query Builder