Lucene search
+L

755 matches found

EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-45436

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function savesettings of the file /admin/adminclassnovo.php. This manipulation of the argument img causes unrestricted upload. The attack is possible to be carried out remotely...

5.8CVSS4.9AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/06 1:22 p.m.8 views

CVE-2026-50021

A flaw was found in pnpm, a package manager. An attacker who can modify the pnpm-lock.yaml file and control the package registry can exploit this vulnerability. By removing the integrity field from the lockfile and serving altered package content, the pnpm install --frozen-lockfile command can...

8.1CVSS6.3AI score0.00126EPSS
Exploits1References4
NVD
NVD
added 2026/07/03 3:16 a.m.12 views

CVE-2026-8921

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS0.00124EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/03 2:0 a.m.43 views

CVE-2026-8921

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS0.00124EPSS
Exploits0References1
CVE
CVE
added 2026/07/03 2:0 a.m.27 views

CVE-2026-8921

The CVE-2026-8921 entry concerns ASUS Business Manager. It describes an External Control of File Name or Path vulnerability that allows a local user to execute arbitrary code with SYSTEM privileges by sending a tampered IPC message. Affected product is ASUS Business Manager; the root cause is con...

8.5CVSS6.2AI score0.00124EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 2:0 a.m.9 views

EUVD-2026-41483

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS6.2AI score0.00124EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 12:31 a.m.10 views

EUVD-2026-41455

WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a tampered firmware image.This vulnerability affects Fireware OS 11.0 up to and including...

8.6CVSS5.7AI score0.00232EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 12:16 a.m.16 views

CVE-2026-13722

WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a tampered firmware image.This vulnerability affects Fireware OS 11.0 up to and including...

8.6CVSS0.00232EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55492

Name of the Vulnerable Software and Affected Versions ASUS Business Manager affected versions not specified Description An External Control of File Name or Path issue allows a local user to execute arbitrary code with SYSTEM privileges. This is achieved by tampering with an Inter-Process...

8.5CVSS6.4AI score0.00124EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:6 p.m.11 views

CVE-2026-13722

WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a tampered firmware image.This vulnerability affects Fireware OS 11.0 up to and including...

8.6CVSS5.7AI score0.00232EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/02 11:6 p.m.28 views

CVE-2026-13722

CVE-2026-13722 concerns WatchGuard Fireware OS. The issue is a firmware validation bypass when processing a backup image via the backup/restore feature, enabling an authenticated administrator to install a tampered firmware image. Affected are Fireware OS versions: 11.0–11.12.4_Update1, 12.0–12.1...

8.6CVSS5.7AI score0.00232EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-55336

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2025.6.2 Description An issue exists in the backup/restore feature where firmware...

8.6CVSS6AI score0.00232EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/06/26 10:53 p.m.8 views

pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field

Summary pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL to serve altered package content, pnpm install...

8.1CVSS5.8AI score0.00126EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/26 9:49 p.m.8 views

EUVD-2026-39497

pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile...

7.5CVSS5.8AI score0.00116EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/25 4:58 p.m.37 views

CVE-2026-48995 pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile

pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if thi...

7.5CVSS0.00116EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:48 p.m.8 views

CVE-2026-50021

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL...

6.8CVSS5.9AI score0.00126EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/25 4:48 p.m.30 views

CVE-2026-50021

pnpm has an integrity check bypass when the integrity field is missing from the lockfile. Concrete details from the connected docs show that prior to versions 10.34.0 and 11.4.0, pnpm’s tarball extraction worker skips tarball hash verification if integrity is undefined, allowing an attacker who c...

8.1CVSS5.9AI score0.00126EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.30 views

PT-2026-52517

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description The tarball extraction worker in the pnpm package manager fails to perform integrity verification when the integrity field is missing from the lockfile resolution. This...

6.8CVSS5.8AI score0.00126EPSS
Exploits1References6
NVD
NVD
added 2026/06/23 6:18 p.m.14 views

CVE-2026-54323

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization...

5.9CVSS0.00117EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 6:6 p.m.6 views

CVE-2026-54323

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization...

5.9CVSS6.4AI score0.00117EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder