
11 matches found

NVD
added 2026/06/25 6:16 p.m., 8 views

CVE-2026-48995

pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if thi...

7.5 CVSS, 0.00116 EPSS
Exploits 1, References 1
Tenable Nessus
added 2025/08/27 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-41116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is an open source dependency manager for the PHP language. In affected versions Windows users running Composer to install untrusted dependencies are...

9.8 CVSS, 8 AI score, 0.02904 EPSS
Exploits 0, References 2
CNNVD
added 2024/05/15 12:0 a.m., 5 views

SUBNET PowerSYSTEM Center security vulnerability

SUBNET PowerSYSTEM Center is SUBNET's infrastructure for secure, centralized management of the many different intelligent electronic devices (meters, relays, RTUs, etc.) deployed throughout the transmission and distribution system. A security vulnerability exists in SUBNET PowerSYSTEM Center versio...

8.6 CVSS, 6.7 AI score, 0.00209 EPSS
Exploits 0, References 2
OSV
added 2024/03/06 10:51 a.m., 17 views

BIT-COMPOSER-2021-41116 Command injection in composer on Windows

Composer is an open source dependency manager for the PHP language. In affected versions Windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in...

9.8 CVSS, 9.7 AI score, 0.02904 EPSS
Exploits 0, References 4
SUSE CVE
added 2023/02/15 3:37 a.m., 2 views

SUSE CVE-2021-41116

Composer is an open source dependency manager for the PHP language. In affected versions Windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in...

8.2 CVSS, 7.5 AI score, 0.02904 EPSS
Exploits 0, References 4
Github Security Blog
added 2021/10/05 8:23 p.m., 46 views

Improper escaping of command arguments on Windows leading to command injection

Impact: Windows users running Composer to install untrusted dependencies are affected and should definitely upgrade for safety. Other OSs and WSL are not affected. Patches: 1.10.23 and 2.1.9 fix the issue. Workarounds: None...

9.8 CVSS, 3.9 AI score, 0.02904 EPSS
Exploits 0, References 7, Affected Software 1
NVD
added 2021/10/05 6:15 p.m., 16 views

CVE-2021-41116

Composer is an open source dependency manager for the PHP language. In affected versions Windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in...

9.8 CVSS, 0.02904 EPSS
Exploits 0, References 3
OSV
added 2021/10/05 6:15 p.m., 14 views

CVE-2021-41116

Composer is an open source dependency manager for the PHP language. In affected versions Windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in...

9.8 CVSS, 9.8 AI score
Exploits 0, References 3
OSV
added 2021/10/05 6:15 p.m., 1 views

UBUNTU-CVE-2021-41116

Composer is an open source dependency manager for the PHP language. In affected versions Windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in...

9.8 CVSS, 5.8 AI score, 0.02904 EPSS
Exploits 0, References 4
Cvelist
added 2021/10/05 5:40 p.m., 23 views

CVE-2021-41116 Command injection in composer on Windows

Composer is an open source dependency manager for the PHP language. In affected versions Windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in...

8.2 CVSS, 10 AI score, 0.02904 EPSS
Exploits 0, References 3
CNNVD
added 2021/10/05 12:0 a.m., 5 views

composer command injection vulnerability

Composer is an open source application. Composer is an open source application that provides a declaration to manage and install dependencies on PHP projects. A command injection vulnerability exists in Composer, which stems from Composer installing untrusted dependencies...

9.8 CVSS, 8.3 AI score, 0.02904 EPSS
Exploits 0, References 9