Lucene search
+L

79 matches found

NVD
NVD
added 6 hours ago5 views

CVE-2026-57860

ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...

8.4CVSS
Exploits0References5
Cvelist
Cvelist
added 7 hours ago9 views

CVE-2026-57860 ForgeCode Arbitrary Code Execution via Unvetted .mcp.json in Untrusted Repository

ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...

8.4CVSS
Exploits0References5
Vulnrichment
Vulnrichment
added 7 hours ago4 views

CVE-2026-57860 ForgeCode Arbitrary Code Execution via Unvetted .mcp.json in Untrusted Repository

ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...

8.4CVSS5.9AI score
Exploits0References5
CVE
CVE
added 7 hours ago7 views

CVE-2026-57860

Technical details about CVE-2026-57860 are not publicly available in the provided documents. Monitor for updates.

8.4CVSS5.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 23 hours ago4 views

PT-2026-60803

ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...

8.4CVSS5.8AI score
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/07/10 3:11 a.m.4 views

SUSE CVE-2026-59948

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...

7CVSS6.1AI score0.00132EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-59948

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than...

7CVSS6.1AI score0.00132EPSS
Exploits0References3
NVD
NVD
added 2026/07/08 8:16 p.m.5 views

CVE-2026-59948

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...

7CVSS0.00132EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/07/08 7:33 p.m.5 views

CVE-2026-59948

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...

7CVSS6AI score0.00132EPSS
Exploits0
Cvelist
Cvelist
added 2026/07/08 7:33 p.m.32 views

CVE-2026-59948 Composer: Arbitrary file write outside vendor via malicious transitive package name

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...

7CVSS0.00132EPSS
Exploits0References5
NVD
NVD
added 2026/07/08 3:16 p.m.7 views

CVE-2026-49145

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...

7.5CVSS0.00329EPSS
Exploits0References2
OSV
OSV
added 2026/07/08 3:16 p.m.4 views

ALPINE-CVE-2026-49145

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...

7.5CVSS6.2AI score0.00329EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 3:16 p.m.3 views

ALPINE-CVE-2026-49146

App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 3:16 p.m.2 views

DEBIAN-CVE-2026-49146

App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 3:16 p.m.2 views

DEBIAN-CVE-2026-49145

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...

7.5CVSS6.2AI score0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 2:55 p.m.42 views

CVE-2026-49146 App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc

App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...

0.0038EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/08 2:55 p.m.5 views

CVE-2026-49146

App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 2:55 p.m.36 views

CVE-2026-49145 App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...

0.00329EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 2:55 p.m.23 views

CVE-2026-49145

CVE-2026-49145 affects App::Ack for Perl up to version 3.10.0. The flaw arises because ack searches upward for a project .ackrc and loads its options; the project-source blocklist did not include --files-from, allowing a project .ackrc to set --files-from to a path whose listed files ack will rea...

7.5CVSS6AI score0.00329EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/07/08 2:55 p.m.10 views

CVE-2026-49145

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...

7.5CVSS6AI score0.00329EPSS
Exploits0
Rows per page
Query Builder