113 matches found

Source: OSV
Added: 5 days ago (4 views)

PYSEC-2026-571 Weblate is vulnerable to RCE through Git config file overwrite

Impact: It was possible to overwrite Git configuration remotely and override some of its behavior. Resources: Thanks to Jason Marcello for responsible disclosure...

CVSS 9.1 | AI score 5.8 | EPSS 0.00489
Exploits: 0 | References: 10
Source: OSV
Added: 5 days ago (5 views)

PYSEC-2026-293 BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE

Summary: bbot's gitdumper.py insufficiently sanitises a .git/config file, leading to Remote Code Execution (RCE). bbot's gitdumper.py can also be made to consume a malicious .git/index file, leading to an arbitrary file write which can be used to achieve Remote Code Execution (RCE). Impact: A user who uses bbo...

CVSS 9.6 | AI score 6.2 | EPSS 0.00437
Exploits: 0 | References: 7
Source: OSSF Malicious Packages
Added: 2026/06/11 5:17 a.m. (16 views)

Malicious code in ai-sdk-helpers (npm)

Source: amazon-inspector 501daa3c8b2c9c2609dc60fd90ae59710a603ae56fa5dcc867d24913889c5413. [email protected] is a typosquat impersonating the Vercel AI SDK ecosystem homepage ai-sdk.guide, author 'AI SDK Guide'. On npm install,...

AI score 5.5
Exploits: 0 | References: 23
Source: RedhatCVE
Added: 2026/06/10 9:02 p.m. (11 views)

CVE-2026-49959

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

CVSS 8.8 | AI score 6.7 | EPSS 0.00945
Exploits: 0 | References: 1
Source: EUVD
Added: 2026/06/09 6:31 p.m. (46 views)

EUVD-2026-35707

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

CVSS 8.8 | AI score 6.7 | EPSS 0.00945
Exploits: 0 | References: 5
Source: NVD
Added: 2026/06/09 5:17 p.m. (10 views)

CVE-2026-49959

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

CVSS 8.8 | EPSS 0.00945
Exploits: 0 | References: 4
Source: Vulnrichment
Added: 2026/06/09 4:46 p.m. (10 views)

CVE-2026-49959 Hermes WebUI < 0.51.311 RCE via Git Configuration Injection

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

CVSS 8.8 | AI score 6.7 | EPSS 0.00945
Exploits: 0 | References: 4
Source: Positive Technologies
Added: 2026/06/09 12:00 a.m. (11 views)

PT-2026-48121

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

CVSS 8.8 | AI score 6.7 | EPSS 0.00945
Exploits: 0 | References: 5
Source: RedhatCVE
Added: 2026/06/05 7:12 p.m. (10 views)

CVE-2026-44465

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution (RCE) when a victim opens a folder in untrusted mode...

CVSS 8.6 | AI score 5.9 | EPSS 0.00297
Exploits: 1 | References: 1
Source: OSV
Added: 2026/05/28 5:16 p.m. (7 views)

UBUNTU-CVE-2026-44465

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution (RCE) when a victim opens a folder in untrusted mode...

CVSS 8.6 | AI score 6.1 | EPSS 0.00297
Exploits: 1 | References: 3
Source: CVE
Added: 2026/05/28 4:10 p.m. (17 views)

CVE-2026-44465

Zed IDE (prior to 0.227.1) is affected. Opening a folder that contains a malicious .git/config file abuses the core.fsmonitor Git configuration option, allowing an attacker to execute arbitrary commands and achieve Remote Code Execution when a user opens the folder in untrusted mode. The issue is...

CVSS 8.6 | AI score 6.1 | EPSS 0.00297
Exploits: 1 | References: 1 | Affected software: 1
Source: EUVD
Added: 2026/05/28 4:10 p.m. (11 views)

EUVD-2026-32937

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution (RCE) when a victim opens a folder in untrusted mode...

CVSS 8.6 | AI score 6.1 | EPSS 0.00297
Exploits: 1 | References: 1
Source: CNNVD
Added: 2026/05/28 12:00 a.m. (9 views)

Zed security vulnerability

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.227.1 contained a security vulnerability. This vulnerability stemmed from the abuse of the core.fsmonitor Git configuration option when opening folders containing malicious .git/config files. This allowed attackers to...

CVSS 8.6 | AI score 6.2 | EPSS 0.00297
Exploits: 1 | References: 1
Source: OSSF Malicious Packages
Added: 2026/05/24 1:45 a.m. (14 views)

Malicious code in git-config-sync (PyPI)

Source: amazon-inspector 8e49db03099f1d6053a9ebada346c3816399bc47918c92d765162128a095c401. On import of gitconfigsync, the package's core.py spawns a daemon thread after a 3-15 second random delay that walks /.ssh, /.aws, /.ethereum, /.config,...

AI score 5.9
Exploits: 0 | References: 7
Source: OSV
Added: 2026/05/24 1:45 a.m. (12 views)

MAL-2026-4273 Malicious code in git-config-sync (PyPI)

Source: amazon-inspector 8e49db03099f1d6053a9ebada346c3816399bc47918c92d765162128a095c401. On import of gitconfigsync, the package's core.py spawns a daemon thread after a 3-15 second random delay that walks /.ssh, /.aws, /.ethereum, /.config,...

AI score 5.9
Exploits: 0 | References: 7
Source: Snyk
Added: 2026/05/23 9:00 p.m. (11 views)

Malicious Package

Overview: git-config-sync is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 2
Source: GithubExploit
Added: 2026/05/20 12:54 p.m. (86 views)

Exploit for Path Traversal in Gogs

CVE-2025-8110 PoC: Python proof-of-concept script for triggerin...

CVSS 8.8 | AI score 7.4 | EPSS 0.7654
Exploits: 15
Source: ATTACKERKB
Added: 2026/05/13 3:45 p.m. (8 views)

CVE-2026-45033

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...

CVSS 8.5 | AI score 6.3 | EPSS 0.0035
Exploits: 1 | References: 2 | Affected software: 1
Source: OSSF Malicious Packages
Added: 2026/05/10 12:00 a.m. (10 views)

Malicious code in dit-envv (npm)

dit-envv is a typosquatting package impersonating dotenv, the widely-used environment variable loader. The package bundles the legitimate dotenv source and documentation to appear functional while hiding a credential-theft payload in index1.js, executed at install time via the postinstall script...

AI score 5.8
Exploits: 0 | References: 1
Source: OSSF Malicious Packages
Added: 2026/05/10 12:00 a.m. (16 views)

Malicious code in erslove (npm)

erslove is a typosquatting package impersonating resolve, the module resolution library implementing require.resolve semantics. The package bundles the legitimate resolve source and test fixtures to appear functional while hiding a credential-theft payload in index1.js, executed at install time v...

AI score 5.8
Exploits: 0 | References: 1