Lucene search
K

7726 matches found

Github Security Blog
Github Security Blog
added 2026/06/26 10:53 p.m.6 views

pnpm: Git Fetch Argument Injection via Lockfile resolution.commit

Summary pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected 40-character commit hash with a Git option such as...

7.3CVSS6AI score0.0018EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 10:52 p.m.6 views

pnpm: Unsafe default behavior breaks integrity check

While it is unclear whether this should be classified as a vulnerability, it is being reported through this channel because the current behavior may represent an unsafe default. Summary pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarba...

8.1CVSS5.7AI score0.00113EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/26 6:22 p.m.8 views

EUVD-2026-39832

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

7.2CVSS5.8AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 5:32 p.m.34 views

CVE-2026-48497 Envoy: Abnormal process termination in DNS UDP filter

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long...

5.9CVSS0.00405EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 4:47 p.m.22 views

CVE-2026-54557

CVE-2026-54557 affects the mise HTTP backend. Before 2026.6.1, install symlinks were created using the raw resolved version string for non-latest versions, instead of the sanitized version pathname. This allows a repository-controlled .tool-versions entry to cause mise install to create a symlink...

5.5CVSS5.8AI score0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 4:46 p.m.18 views

CVE-2026-55448

CVE-2026-55448 is confirmed across multiple sources as a local command-exécution vulnerability in the mise tool. An attacker who can place a repository-local .mise.toml can have mise load github.credential_command from local project config and execute its value via sh -c when resolving a GitHub t...

6.3CVSS6AI score0.00159EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:46 p.m.7 views

CVE-2026-55448

mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credentialcommand from local project config before any trust decision, then executes that value with sh -c when resolving a GitHub token. An attacker who can place a .mise.toml in a...

6.3CVSS6AI score0.00159EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2026/06/26 9:30 a.m.7 views

Server-Side Request Forgery

jackson-databind is vulnerable to server-side request forgery SSRF. The vulnerability is due to eager DNS resolution during InetSocketAddress deserialization, where untrusted hostnames are resolved before application-level validation, allowing attackers to trigger arbitrary DNS requests by...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5128 Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails in github.com/traefik/traefik

Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails in github.com/traefik/traefik...

8.6CVSS5.8AI score0.0036EPSS
Exploits1References2
NVD
NVD
added 2026/06/25 6:16 p.m.8 views

CVE-2026-55180

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded $ENVVAR placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim...

6.5CVSS0.00212EPSS
Exploits1References1
NVD
NVD
added 2026/06/25 6:16 p.m.8 views

CVE-2026-55698

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml. Before the patch, direct pnpm execution trusted an already resolved packageManagerDependencies entry when the committed env lockfile contained...

8.8CVSS0.00193EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 4:51 p.m.26 views

CVE-2026-50014

Summary: CVE-2026-50014 affects pnpm prior to 10.34.0 and 11.4.0. The lockfile-controlled git resolution.commit value is passed to git fetch without a separator or commit-format validation, enabling a malicious lockfile to inject git options (notably --upload-pack) in shallow-fetch paths. This ca...

7.3CVSS5.9AI score0.0018EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 4:51 p.m.29 views

CVE-2026-50014 pnpm: Git Fetch Argument Injection via Lockfile resolution.commit

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected...

6.4CVSS0.0018EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/25 4:43 p.m.29 views

CVE-2026-55698 pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml. Before the patch, direct pnpm execution trusted an already resolved packageManagerDependencies entry when the committed env lockfile contained...

8.8CVSS0.00193EPSS
Exploits1References1
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53266

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...

8.8CVSS5.7AI score0.00129EPSS
Exploits0References11
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53266

The CVE-2026-53266 entry concerns the Linux kernel netfilter bridge path, where ebt_snat ARP sender hardware address rewrite could be performed on non-writable memory. Root cause: ARP SHA is written via skb_store_bits() relative to skb->data, and skb_header_pointer() only safely reads the ARP ...

8.8CVSS5.7AI score0.00129EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53266

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...

5.6AI score0.00129EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.4 views

CVE-2026-53266

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...

8.8CVSS5.6AI score0.00129EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 8:39 a.m.11 views

EUVD-2026-39191

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix use-after-free on firstskb in inputprocesspayload inputprocesspayload stores firstskb into xtfs-ranewskb under droplock when starting partial reassembly, then unlocks and breaks out of the processing loop. The...

5.8AI score0.00418EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53197

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix ABBA deadlock in iptfsdestroystate iptfsdestroystate calls hrtimercancel while holding a spinlock that the timer callback also acquires, leading to an ABBA deadlock on SMP systems. For the output timer iptfstimer...

5.7AI score0.00173EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder