Busca de CVEs
361.085 resultadosCVE-2026-48995MEDIUMpnpm: Tarball hash of GitHub git dependencies is not stored in lockfileEPSS 0.1%CVE-2026-11999HIGHX.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()EPSS 0.2%CVE-2026-50017MEDIUMpnpm binds unscoped user-level npm auth credentials to a repository-selected registryEPSS 0.3%CVE-2026-50016HIGHpnpm: Transitive dependency alias path traversal allows project path override via symlink replacementEPSS 0.3%CVE-2026-55967LOWAES-GCM streaming APIs do not reject >64 GiB cumulative single messages, enabling counter wrap and keystream reuseEPSS 0.1%CVE-2026-50015HIGHpnpm: Arbitrary File Write/Delete via Malicious Patch File (Path Traversal)EPSS 0.3%CVE-2026-55961HIGHwolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signerEPSS 0.1%CVE-2026-50014MEDIUMpnpm: Git Fetch Argument Injection via Lockfile resolution.commitEPSS 0.2%CVE-2026-50573MEDIUMpnpm: Unsafe default behavior breaks integrity checkEPSS 0.1%CVE-2026-50021MEDIUMpnpm: Integrity Check Bypass via Missing Lockfile Integrity FieldEPSS 0.1%CVE-2026-55700HIGHpnpm: stage download writes outside destination via manifest version traversalEPSS 0.3%CVE-2026-6091MEDIUMPartial-chain verification accepts untrusted intermediate as trust anchorEPSS 0.2%CVE-2026-55699MEDIUMpnpm: reserved bin name deletes PNPM_HOME during global removeEPSS 0.3%CVE-2026-55698HIGHpnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytesEPSS 0.2%CVE-2026-55697HIGHpnpm: Repository-controlled configDependencies can select a pacquet native install engineEPSS 0.1%CVE-2026-6291MEDIUMBleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryptionEPSS 0.2%CVE-2026-55487HIGHpnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycleEPSS 0.1%CVE-2026-6094MEDIUMHeap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedDataEPSS 0.3%CVE-2026-54448MEDIUMTrivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parserEPSS 0.3%CVE-2026-13351HIGHnet: Maliciously fragmented IPv6 packets can prevent receiving/processing future incoming packetsEPSS 0.3%