| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-53167 | 0.00 | — | 0.00 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios FUSE_NOTIFY_RETRIEVE must be limited to uptodate folios; !uptodate folios can contain uninitialized data. Since FUSE_NOTIFY_RETRIEVE is intended to only… | |||
| CVE-2026-56774 | 0.00 | — | 0.00 | Jun 26, 2026 | Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate… | |||
| CVE-2026-40209 | — | 0.00 | — | 0.00 | Jun 26, 2026 | An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections… | ||
| CVE-2026-40210 | — | 0.00 | — | 0.00 | Jun 26, 2026 | An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash. | ||
| CVE-2026-40208 | — | 0.00 | — | 0.00 | Jun 26, 2026 | An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame. | ||
| CVE-2026-40011 | — | 0.00 | — | 0.00 | Jun 26, 2026 | An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block… | ||
| CVE-2026-40211 | — | 0.00 | — | 0.00 | Jun 26, 2026 | An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to… | ||
| CVE-2026-42387 | — | 0.00 | — | 0.00 | Jun 26, 2026 | A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation. | ||
| CVE-2026-42390 | — | 0.00 | — | 0.00 | Jun 26, 2026 | An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation. | ||
| CVE-2026-42005 | — | 0.00 | — | 0.00 | Jun 26, 2026 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | ||
| CVE-2026-40012 | — | 0.00 | — | 0.00 | Jun 26, 2026 | ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled; | ||
| CVE-2026-42388 | — | 0.00 | — | 0.00 | Jun 26, 2026 | Incomplete validation of the SOA record present in a catalog zone might lead to a crash. | ||
| CVE-2026-42389 | — | 0.00 | — | 0.00 | Jun 26, 2026 | This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers. | ||
| CVE-2026-33612 | — | 0.00 | — | 0.00 | Jun 26, 2026 | A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning. | ||
| CVE-2026-52690 | — | 0.00 | — | 0.00 | Jun 26, 2026 | Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail. | ||
| CVE-2026-57456 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec() as part of… | |||
| CVE-2026-57451 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props() in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. The only check is a floor that… | |||
| CVE-2026-55895 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when deleting a local file from the browser. A filename derived from… | |||
| CVE-2026-55693 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure… | |||
| CVE-2026-57455 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result buffer. Its copy loop advances the output index… | |||
| CVE-2026-55892 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure… | |||
| CVE-2026-57452 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05! method (xchacha20poly1305, requires the +sodium feature) whose body is shorter than a single libsodium secretstream header, an unsigned… | |||
| CVE-2026-57454 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a… | |||
| CVE-2026-57453 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry… | |||
| CVE-2026-12844 | 0.00 | — | 0.00 | Jun 26, 2026 | List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer before each copy with a single quadrupling… | |||
| CVE-2026-6094 | — | 0.00 | — | 0.00 | Jun 26, 2026 | Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS. | ||
| CVE-2026-55967 | — | 0.00 | — | 0.00 | Jun 26, 2026 | AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery. | ||
| CVE-2026-55961 | 0.00 | — | 0.00 | Jun 26, 2026 | wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now… | |||
| CVE-2026-6091 | 0.00 | — | 0.00 | Jun 26, 2026 | Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects… | |||
| CVE-2026-6291 | 0.00 | — | 0.00 | Jun 26, 2026 | Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed.… | |||
| CVE-2026-56789 | 0.00 | — | 0.00 | Jun 26, 2026 | RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files… | |||
| CVE-2026-56788 | 0.00 | — | 0.00 | Jun 26, 2026 | RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into… | |||
| CVE-2026-56787 | 0.00 | — | 0.00 | Jun 26, 2026 | RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote… | |||
| CVE-2026-56786 | 0.00 | — | 0.00 | Jun 26, 2026 | RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3… | |||
| CVE-2026-13434 | mod | 0.32 | 4.9 | 0.00 | Jun 26, 2026 | virt-controller-rhel9: kubevirt: kubevirt: Multus default-network annotation injection via unvalidated tenant networkName when ExternalNetResourceInjection is enabled | ||
| CVE-2026-48702 | imp | 0.49 | 7.5 | — | Jun 25, 2026 | github.com/sigstore/rekor: Rekor: Denial of Service due to unbounded gzip decompression in Alpine APK parsing | ||
| CVE-2026-46601 | mod | 0.42 | 6.5 | 0.00 | Jun 25, 2026 | golang.org/x/image/webp: golang.org/x/image/webp: Denial of Service via malformed VP8 chunk in WebP images | ||
| CVE-2026-56766 | imp | 0.45 | 7.5 | 0.01 | Jun 25, 2026 | hydra: Hydra: Remote Code Execution via NTLM Authentication Stack Buffer Overflow | ||
| CVE-2026-54679 | — | mod | 0.29 | 5.5 | 0.00 | Jun 25, 2026 | jq: jq: Denial of Service via integer overflow and buffer overrun on 32-bit systems | |
| CVE-2026-55180 | mod | 0.35 | 6.5 | 0.00 | Jun 25, 2026 | pnpm: pacquet: pnpm and pacquet: Information disclosure of environment secrets via improper environment variable expansion | ||
| CVE-2026-48995 | imp | 0.42 | 7.5 | 0.00 | Jun 25, 2026 | pnpm: pnpm: Supply chain compromise from unverified dependencies | ||
| CVE-2026-50017 | mod | 0.35 | 6.5 | 0.00 | Jun 25, 2026 | pnpm: pnpm: Information disclosure of authentication credentials via malicious .npmrc file | ||
| CVE-2026-50016 | imp | 0.45 | 8.0 | 0.00 | Jun 25, 2026 | pnpm: pnpm: Arbitrary code execution due to path traversal in dependency aliases | ||
| CVE-2026-50015 | imp | 0.40 | 7.3 | 0.00 | Jun 25, 2026 | pnpm: pnpm: Arbitrary file write/delete due to lack of path validation in patch files | ||
| CVE-2026-50014 | mod | 0.35 | 6.4 | 0.00 | Jun 25, 2026 | pnpm: pnpm: Arbitrary Code Execution via Malicious Lockfile | ||
| CVE-2026-50573 | mod | 0.37 | 6.8 | 0.00 | Jun 25, 2026 | pnpm: pnpm: Package integrity check bypass allows installation of malicious content | ||
| CVE-2026-50021 | imp | 0.42 | 7.5 | 0.00 | Jun 25, 2026 | pnpm: pnpm: Integrity bypass allows installation of altered packages via modified lockfile | ||
| CVE-2026-55700 | imp | 0.39 | 7.1 | 0.00 | Jun 25, 2026 | pnpm: pnpm: Unauthorized file modification via crafted package manifest | ||
| CVE-2026-55699 | mod | 0.35 | 6.5 | 0.00 | Jun 25, 2026 | pnpm: pnpm: Denial of Service due to improper handling of malicious package manifest bin keys | ||
| CVE-2026-55698 | imp | 0.50 | 8.8 | 0.00 | Jun 25, 2026 | pnpm: pnpm: Arbitrary code execution via malicious package-manager lockfile |
- CVE-2026-53167Jun 26, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios FUSE_NOTIFY_RETRIEVE must be limited to uptodate folios; !uptodate folios can contain uninitialized data. Since FUSE_NOTIFY_RETRIEVE is intended to only…
- CVE-2026-56774Jun 26, 2026risk 0.00cvss —epss 0.00
Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate…
- CVE-2026-40209Jun 26, 2026risk 0.00cvss —epss 0.00
An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections…
- CVE-2026-40210Jun 26, 2026risk 0.00cvss —epss 0.00
An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.
- CVE-2026-40208Jun 26, 2026risk 0.00cvss —epss 0.00
An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.
- CVE-2026-40011Jun 26, 2026risk 0.00cvss —epss 0.00
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block…
- CVE-2026-40211Jun 26, 2026risk 0.00cvss —epss 0.00
An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to…
- CVE-2026-42387Jun 26, 2026risk 0.00cvss —epss 0.00
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation.
- CVE-2026-42390Jun 26, 2026risk 0.00cvss —epss 0.00
An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation.
- CVE-2026-42005Jun 26, 2026risk 0.00cvss —epss 0.00
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
- CVE-2026-40012Jun 26, 2026risk 0.00cvss —epss 0.00
ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;
- CVE-2026-42388Jun 26, 2026risk 0.00cvss —epss 0.00
Incomplete validation of the SOA record present in a catalog zone might lead to a crash.
- CVE-2026-42389Jun 26, 2026risk 0.00cvss —epss 0.00
This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers.
- CVE-2026-33612Jun 26, 2026risk 0.00cvss —epss 0.00
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning.
- CVE-2026-52690Jun 26, 2026risk 0.00cvss —epss 0.00
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail.
- CVE-2026-57456Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec() as part of…
- CVE-2026-57451Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props() in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. The only check is a floor that…
- CVE-2026-55895Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when deleting a local file from the browser. A filename derived from…
- CVE-2026-55693Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure…
- CVE-2026-57455Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result buffer. Its copy loop advances the output index…
- CVE-2026-55892Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure…
- CVE-2026-57452Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05! method (xchacha20poly1305, requires the +sodium feature) whose body is shorter than a single libsodium secretstream header, an unsigned…
- CVE-2026-57454Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a…
- CVE-2026-57453Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry…
- CVE-2026-12844Jun 26, 2026risk 0.00cvss —epss 0.00
List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer before each copy with a single quadrupling…
- CVE-2026-6094Jun 26, 2026risk 0.00cvss —epss 0.00
Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.
- CVE-2026-55967Jun 26, 2026risk 0.00cvss —epss 0.00
AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery.
- CVE-2026-55961Jun 26, 2026risk 0.00cvss —epss 0.00
wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now…
- CVE-2026-6091Jun 26, 2026risk 0.00cvss —epss 0.00
Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects…
- CVE-2026-6291Jun 26, 2026risk 0.00cvss —epss 0.00
Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed.…
- CVE-2026-56789Jun 26, 2026risk 0.00cvss —epss 0.00
RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files…
- CVE-2026-56788Jun 26, 2026risk 0.00cvss —epss 0.00
RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into…
- CVE-2026-56787Jun 26, 2026risk 0.00cvss —epss 0.00
RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote…
- CVE-2026-56786Jun 26, 2026risk 0.00cvss —epss 0.00
RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3…
- risk 0.32cvss 4.9epss 0.00
virt-controller-rhel9: kubevirt: kubevirt: Multus default-network annotation injection via unvalidated tenant networkName when ExternalNetResourceInjection is enabled
- risk 0.49cvss 7.5epss —
github.com/sigstore/rekor: Rekor: Denial of Service due to unbounded gzip decompression in Alpine APK parsing
- risk 0.42cvss 6.5epss 0.00
golang.org/x/image/webp: golang.org/x/image/webp: Denial of Service via malformed VP8 chunk in WebP images
- risk 0.45cvss 7.5epss 0.01
hydra: Hydra: Remote Code Execution via NTLM Authentication Stack Buffer Overflow
- risk 0.29cvss 5.5epss 0.00
jq: jq: Denial of Service via integer overflow and buffer overrun on 32-bit systems
- risk 0.35cvss 6.5epss 0.00
pnpm: pacquet: pnpm and pacquet: Information disclosure of environment secrets via improper environment variable expansion
- risk 0.42cvss 7.5epss 0.00
pnpm: pnpm: Supply chain compromise from unverified dependencies
- risk 0.35cvss 6.5epss 0.00
pnpm: pnpm: Information disclosure of authentication credentials via malicious .npmrc file
- risk 0.45cvss 8.0epss 0.00
pnpm: pnpm: Arbitrary code execution due to path traversal in dependency aliases
- risk 0.40cvss 7.3epss 0.00
pnpm: pnpm: Arbitrary file write/delete due to lack of path validation in patch files
- risk 0.35cvss 6.4epss 0.00
pnpm: pnpm: Arbitrary Code Execution via Malicious Lockfile
- risk 0.37cvss 6.8epss 0.00
pnpm: pnpm: Package integrity check bypass allows installation of malicious content
- risk 0.42cvss 7.5epss 0.00
pnpm: pnpm: Integrity bypass allows installation of altered packages via modified lockfile
- risk 0.39cvss 7.1epss 0.00
pnpm: pnpm: Unauthorized file modification via crafted package manifest
- risk 0.35cvss 6.5epss 0.00
pnpm: pnpm: Denial of Service due to improper handling of malicious package manifest bin keys
- risk 0.50cvss 8.8epss 0.00
pnpm: pnpm: Arbitrary code execution via malicious package-manager lockfile