EUVD-2026-31074

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

EUVD-2002-0129

Malware in sbrugna...

OS Command Exec, Add user with useradd

Execute an OS command from PHP. Creates a new user. By default the new user is set with sudo but other options exist to make the new user automatically root but this is not automatically set since the new user will be treated as root and login may be difficult. The new user can also be set as jus...

Denial of Service (DoS)

Overview ejs is a popular JavaScript templating engine. Affected versions of the package are vulnerable to Denial of Service by letting the attacker under certain conditions control and override the localNames option causing it to crash. You can read more about this vulnerability on the Snyk blog...

Directory Traversal

Overview Versions 0.8.3 and earlier of send are affected by a directory traversal vulnerability. When relying on the root option to restrict file access it may be possible for an application consumer to escape out of the restricted directory and access files in a similarly named directory. For...