CVE-2026-3820

creationtimestamp| type| source ---|---|--- 2026-06-04 11:51:43+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mnhkpjttbm2f...

CVE-2025-41280

creationtimestamp| type| source ---|---|--- 2026-05-29 13:16:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmymof6alp2r...

CVE-2026-4868

creationtimestamp| type| source ---|---|--- 2026-05-28 01:07:08+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mmutghmbwl25 2026-05-28 11:35:07+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mmvwjfgzfg2c...

CVE-2026-48689

creationtimestamp| type| source ---|---|--- 2026-05-26 19:00:46+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mmroihdyss2w 2026-05-26 22:34:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mms2fvvfpe2h...

SUSE-SU-2026:1970-1 Security update for php-composer2

This update for php-composer2 fixes the following issues - CVE-2026-40176: command injection via malicious Perforce repository definition bsc1262254. - CVE-2026-40261: command injection via malicious Perforce source reference/url bsc1262255. Changes for php-composer2: - version update to 2.2.27...

CVE-2026-44662

creationtimestamp| type| source ---|---|--- 2026-05-15 01:19:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlu63ckcem2t...

CVE-2026-42950

creationtimestamp| type| source ---|---|--- 2026-05-11 22:00:00+00:00| seen| https://jvn.jp/en/jp/JVN03037325 2026-05-13 15:37:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlqn3qbbyj2k 2026-06-03 01:22:01+00:00| seen|...

SUSE-SU-2026:1784-1 Security update for php-composer2

This update for php-composer2 fixes the following issues: - CVE-2026-40176: arbitrary command injection via malicious Perforce repository definition bsc1262254. - CVE-2026-40261: arbitrary command injection via malicious Perforce source reference/url bsc1262255...

CVE-2026-8076

creationtimestamp| type| source ---|---|--- 2026-05-08 13:09:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mldsh2676e2e...

CVE-2026-6278

creationtimestamp| type| source ---|---|--- 2026-05-07 02:20:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mla5prthjg2v...

CVE-2026-7742

creationtimestamp| type| source ---|---|--- 2026-05-04 10:43:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkzihtdlcr2v...

CVE-2025-67223

creationtimestamp| type| source ---|---|--- 2026-04-28 09:00:05+00:00| seen| Telegram/dDiaPBuG5063OaJpBdVqzzs7lpwbpzaCXJ5I6hjB4akKrXs 2026-04-28 16:30:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkkz25mvtm2e 2026-04-28 21:00:04+00:00| seen|...

BIT-COMPOSER-2026-40261 Composer has Command Injection via Malicious Perforce Reference

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

UBUNTU-CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVE-2026-40261 Composer has Command Injection via Malicious Perforce Reference

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVE-2026-40261

CVE-2026-40261 affects the PHP package manager Composer. Affected are Composer versions 1.0–2.2.26 and 2.3–2.9.5, where Perforce::syncCodeBase() and Perforce::generateP4Command() construct shell commands by unsafe interpolation of input (sourceReference, source URL) into commands. This enables co...

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...