Lucene search
K

4 matches found

OSV
OSV
added 5 days ago12 views

ROOT-APP-COMPOSER-CVE-2026-54133 CVE-2026-54133 in mtdowling/jmespath.php - Patched by Root

Root has patched CVE-2026-54133 in the mtdowling/jmespath.php package for Root:Composer. Multiple fixed versions available...

9.8CVSS5.8AI score0.0032EPSS
Exploits0
OSV
OSV
added 2026/04/18 8:36 a.m.4 views

BIT-COMPOSER-2026-40176 Composer is vulnerable to Command Injection via Malicious Perforce Repository

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

7.8CVSS6.2AI score0.01065EPSS
Exploits4References7
NVD
NVD
added 2026/04/15 9:17 p.m.5 views

CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

7.8CVSS0.01065EPSS
Exploits4References6
Friends Of PHP
Friends Of PHP
added 2026/04/14 9:42 a.m.20 views

Command injection via malicious Perforce repository definition

Impact The Perforce::generateP4Command method constructed shell commands by interpolating user-supplied Perforce connection parameters port, user, client without proper escaping. An attacker controlling a repository configuration in a malicious composer.json declaring a Perforce VCS repository...

7.8CVSS6.4AI score0.01065EPSS
Exploits4Affected Software1
Rows per page
Query Builder