CVE-2026-40261

CVE-2026-40261 affects the PHP package manager Composer. Affected are Composer versions 1.0–2.2.26 and 2.3–2.9.5, where Perforce::syncCodeBase() and Perforce::generateP4Command() construct shell commands by unsafe interpolation of input (sourceReference, source URL) into commands. This enables co...

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

Command injection via malicious Perforce source reference/url

Impact The Perforce::syncCodeBase method appended the $sourceReference parameter to a shell command without proper escaping, allowing an attacker to inject arbitrary commands through a crafted source reference containing shell metacharacters. Further as in GHSA-wg36-wvj6-r67p / CVE-2026-40176 the...

CVE-2026-5832

creationtimestamp| type| source ---|---|--- 2026-04-09 03:18:04+00:00| published-proof-of-concept| Telegram/k6H1jBRyYuwqPn43znhK7mg4465TougGvrd7kOsXjIgmqE 2026-04-09 04:44:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mizypx5iqv2j...

CVE-2026-35169

creationtimestamp| type| source ---|---|--- 2026-04-08 21:53:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mizbr4qwcu2i 2026-04-09 01:26:43+00:00| published-proof-of-concept| Telegram/LyxiOFuM6k6JRrVhGkcWrU8R1Vj8dluNTy4xGDA54CBUTMw 2026-04-09 07:15:44+00:00| seen|...

CVE-2026-34079

creationtimestamp| type| source ---|---|--- 2026-04-07 23:21:06+00:00| seen| Telegram/WwaVaWmCpWfeYuJ8P8IqcUlHCUAeEgjmrCmKGvAa3A2q2J0 2026-04-08 01:31:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mix5holkl323 2026-04-10 14:32:09+00:00| seen|...

CVE-2026-39334

creationtimestamp| type| source ---|---|--- 2026-04-07 19:35:33+00:00| seen| Telegram/MwNatB1kDaoxbSrZihFWwC12FE1HreAtxbr2hmQcZTjcFY 2026-04-07 19:41:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miwjwwb6ct2q 2026-04-08 07:59:58+00:00| seen|...

CVE-2026-35413

creationtimestamp| type| source ---|---|--- 2026-04-06 22:36:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miud7skcjm2i...

CVE-2026-5104

creationtimestamp| type| source ---|---|--- 2026-03-30 05:35:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miawwhwma224...

CVE-2026-34247

creationtimestamp| type| source ---|---|--- 2026-03-27 19:09:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mi2sz4mh672g 2026-03-29 15:41:44+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-g3hj-mf85-679g 2026-03-30 00:00:35+00:00| seen|...

CVE-2026-4754

creationtimestamp| type| source ---|---|--- 2026-03-24 10:05:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhsd6nyubb2g...

CVE-2026-27093

creationtimestamp| type| source ---|---|--- 2026-03-19 07:18:09+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhfhjfw5ku2s 2026-03-19 08:19:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhfkwo5lbg2n 2026-03-19 09:37:36+00:00| seen|...

CVE-2026-23145

creationtimestamp| type| source ---|---|--- 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/ 2026-04-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities20260408 2026-05-10 18:00:00+00:00| seen|...

GHSA-9Q2P-VC84-2RWM

creationtimestamp| type| source ---|---|--- 2026-03-09 22:10:06+00:00| seen| https://gist.github.com/alon710/c9b7b8cb1e830c7075cb4162b8d49b80...

CVE-2026-30850

creationtimestamp| type| source ---|---|--- 2026-03-07 19:29:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgikrgnjue2o 2026-03-09 19:10:06+00:00| seen| https://gist.github.com/alon710/3fd4142edf95384fd65face73227a201...

GHSA-XF68-8HJW-7MPM

creationtimestamp| type| source ---|---|--- 2026-02-27 06:40:19+00:00| seen| https://gist.github.com/alon710/77f29ca3c69eb8ef713507cb5ca27a63...

CVE-2026-22878

creationtimestamp| type| source ---|---|--- 2026-02-26 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-08 2026-02-27 02:28:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfsnyrkham2u...

@akash-aw/aw-wizard-forms (=4.14.0), @alfresco/aca-generators (>=1.0.0 <=1.0.1) +131 more potentially affected by CVE-2026-27959 via koa (>=3.0.0 <=3.1.1)

koa NPM version =3.0.0, =1.0.0, =1.0.0, =0.44.0, =0.0.0-nightly-20260213031600, =0.0.0-nightly-20260317031259, =0.0.0-nightly-20260317031259, =0.0.0-nightly-20260213031600, =2025.12.1, =2.23.0, =0.0.1, =0.20.0, =0.0.5, =2026.1.2, =2.0.0, =2.0.1 and more Source cves: CVE-2026-27959 Source advisory...

GHSA-WXHW-J4HC-FMQ6

creationtimestamp| type| source ---|---|--- 2026-01-27 23:43:08+00:00| seen| https://bsky.app/profile/azu.bsky.social/post/3mdgwro56ha2c...