CVE-2026-46597 vulnerabilities

Vulnerabilities for packages: k3s, cilium, istio, crossplane-provider-azure-storage, ko, mattermost, crossplane-provider-aws-cloudformation, eksctl, caddy, prometheus, policy-controller, wal-g, cosign, src, flux-operator, argo-cd, docker-machine-driver-linode, kuma, pulumi, tflint, vault-benchmar...

CVE-2026-39827 vulnerabilities

Vulnerabilities for packages: k3s, cilium, istio, docker-machine-driver-harvester, mattermost, prometheus, wal-g, argo-cd, kuma, pulumi, opentofu, kubernetes-dashboard, external-secrets-operator, splunk-otel-collector, grype, external-dns, dagger, cert-manager, gitea, guac, syft, scorecard,...

Snyk CLI 安全漏洞

Snyk CLI is a build-time tool from Snyk USA for finding and fixing known vulnerabilities in projects. A security vulnerability exists in Snyk CLI versions prior to 1.1294.0 that stems from vulnerability to code injection attacks when scanning for untrusted Gradle projects...

@candrewsintegralblue/snyk (=0.0.4), @commerce-apps/raml-toolkit (>=0.5.8 <=0.5.10) +2 more potentially affected by CVE-2022-22984 via @snyk/snyk-hex-plugin (>=1.0.0 <=1.1.4)

@snyk/snyk-hex-plugin NPM version =1.0.0, =0.5.8, =3.0.3-beta.1, =1.520.0, =1.684.0 Source cves: CVE-2022-22984 Source advisory: OSV:GHSA-4X6G-3CMX-W76R...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to...

Snyk wc-cmd Command Injection Vulnerability

Snyk wc-cmd is an application from Snyk Corporation that provides statistics on the number of bytes, words, and lines in a given file, and displays the results as output. A command injection vulnerability exists in wc-cmd, which originates from a command injection attack on the index.js file...