Infoflowcloud

🚨*CVE* CVE-2026-55487 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other op… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-55487 pnp… infoflow.cloud`

🚨*CVE* CVE-2026-6094 Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-6094 Lec… infoflow.cloud`

🚨*CVE* CVE-2026-55697 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch,… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-55697 pnp… infoflow.cloud`

🚨*CVE* CVE-2026-6291 Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned distinguishable erro… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-6291 Óra… infoflow.cloud`

🚨*CVE* CVE-2026-55698 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml. Before the p… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-55698 pnp… infoflow.cloud`

🚨*CVE* CVE-2026-6091 Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-6091 La … infoflow.cloud`

🚨*CVE* CVE-2026-55699 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was … cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-55699 pnp… infoflow.cloud`

🚨*CVE* CVE-2026-50573 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm install` in non-frozen mode can accept new remote package content after detecting that the downloaded ta… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-50573 pnp… infoflow.cloud`

🚨*CVE* CVE-2026-55700 pnpm is a package manager. From 11.3.0 until 11.5.3, `pnpm stage download` derived a local filename from registry-controlled package name and version fields. A crafte… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-55700 pnp… infoflow.cloud`

🚨*CVE* CVE-2026-50021 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lock… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-50021 pnp… infoflow.cloud`

🚨*CVE* CVE-2026-50014 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-50014 pnp… infoflow.cloud`

🚨*CVE* CVE-2026-55961 wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying … cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-55961 wol… infoflow.cloud`

🚨*CVE* CVE-2026-50015 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline (@pnpm/patch-package) performs no path validation on file paths extracted fr… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-50015 pnp… infoflow.cloud`

🚨*CVE* CVE-2026-55967 AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, … cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-55967: el… infoflow.cloud`

🚨*CVE* CVE-2026-50016 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. D… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-50016 pnp… infoflow.cloud`

🚨*CVE* CVE-2026-53274 In the Linux kernel, the following vulnerability has been resolved: net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS A logic flaw in __smc_set… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-53274 En … infoflow.cloud`

🚨*CVE* CVE-2026-53273 In the Linux kernel, the following vulnerability has been resolved: tee: optee: prevent use-after-free when the client exits before the supplicant Commit 70b0d6b0a1… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-53273 En … infoflow.cloud`

🚨*CVE* CVE-2026-53275 In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Fix use-after-free when processing MLD queries When processing an MLD query, a poin… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-53275 En … infoflow.cloud`

🚨*CVE* CVE-2026-53276 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer In iso_sock_rebind_bc(), the bis po… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-53276 En … infoflow.cloud`

🚨*CVE* CVE-2026-53277 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation walk_s1(… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-53277 En … infoflow.cloud`