755 matches found
EUVD-2026-45436
A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function savesettings of the file /admin/adminclassnovo.php. This manipulation of the argument img causes unrestricted upload. The attack is possible to be carried out remotely...
CVE-2026-50021
A flaw was found in pnpm, a package manager. An attacker who can modify the pnpm-lock.yaml file and control the package registry can exploit this vulnerability. By removing the integrity field from the lockfile and serving altered package content, the pnpm install --frozen-lockfile command can...
CVE-2026-8921
External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...
CVE-2026-8921
External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...
CVE-2026-8921
The CVE-2026-8921 entry concerns ASUS Business Manager. It describes an External Control of File Name or Path vulnerability that allows a local user to execute arbitrary code with SYSTEM privileges by sending a tampered IPC message. Affected product is ASUS Business Manager; the root cause is con...
EUVD-2026-41483
External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...
EUVD-2026-41455
WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a tampered firmware image.This vulnerability affects Fireware OS 11.0 up to and including...
CVE-2026-13722
WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a tampered firmware image.This vulnerability affects Fireware OS 11.0 up to and including...
PT-2026-55492
Name of the Vulnerable Software and Affected Versions ASUS Business Manager affected versions not specified Description An External Control of File Name or Path issue allows a local user to execute arbitrary code with SYSTEM privileges. This is achieved by tampering with an Inter-Process...
CVE-2026-13722
WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a tampered firmware image.This vulnerability affects Fireware OS 11.0 up to and including...
CVE-2026-13722
CVE-2026-13722 concerns WatchGuard Fireware OS. The issue is a firmware validation bypass when processing a backup image via the backup/restore feature, enabling an authenticated administrator to install a tampered firmware image. Affected are Fireware OS versions: 11.0–11.12.4_Update1, 12.0–12.1...
PT-2026-55336
Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2025.6.2 Description An issue exists in the backup/restore feature where firmware...
pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field
Summary pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL to serve altered package content, pnpm install...
EUVD-2026-39497
pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile...
CVE-2026-48995 pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile
pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if thi...
CVE-2026-50021
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL...
CVE-2026-50021
pnpm has an integrity check bypass when the integrity field is missing from the lockfile. Concrete details from the connected docs show that prior to versions 10.34.0 and 11.4.0, pnpm’s tarball extraction worker skips tarball hash verification if integrity is undefined, allowing an attacker who c...
PT-2026-52517
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description The tarball extraction worker in the pnpm package manager fails to perform integrity verification when the integrity field is missing from the lockfile resolution. This...
CVE-2026-54323
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization...
CVE-2026-54323
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization...