591 matches found

EUVD
added yesterday, 11 views

EUVD-2026-36195

Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload...

7.5 CVSS, 5.8 AI score, 0.00448 EPSS
Exploits: 0, References: 3

NVD
added yesterday, 6 views

CVE-2026-57679

Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions...

9.3 CVSS
Exploits: 0, References: 1

NVD
added yesterday, 3 views

CVE-2026-57670

Unauthenticated Cross Site Scripting (XSS) in Google Maps CP <= 1.2.5 versions...

7.1 CVSS
Exploits: 0, References: 1

CVE
added yesterday, 7 views

CVE-2026-57679

CVE-2026-57679 affects the WordPress GeekyBot plugin prior to or at version 1.2.5, with an unauthenticated SQL Injection vulnerability. The provided sources (NVD entries and PatchStack) confirm the flaw exists in GeekyBot

9.3 CVSS, 5.8 AI score
Exploits: 0, References: 1

Cvelist
added yesterday, 12 views

CVE-2026-57670 WordPress Google Maps CP plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Google Maps CP <= 1.2.5 versions...

7.1 CVSS
Exploits: 0, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 9 views

Astra Linux – Vulnerability in node-minimist

Minimist <=1.2.5 is vulnerable to Prototype Pollution through the file index.js, the function setKey (lines 69-95)...

9.8 CVSS, 6.9 AI score, 0.04581 EPSS
Exploits: 1, References: 2

SUSE CVE
added 2026/06/12 2:27 a.m., 8 views

SUSE CVE-2026-42305

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...

6.9 CVSS, 6.5 AI score, 0.00635 EPSS
Exploits: 0, References: 3

SUSE CVE
added 2026/06/12 2:25 a.m., 8 views

SUSE CVE-2026-47712

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch filename from the commit's subject line. Prior to this fix, get_summary only replaced spaces with dashes ...

3.3 CVSS, 5.3 AI score, 0.00139 EPSS
Exploits: 0, References: 3

SUSE CVE
added 2026/06/12 2:25 a.m., 8 views

SUSE CVE-2026-47734

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack (~174 bytes) whose delta header declares a huge dest_size. When dulwich ingested it via add_thin_pack /...

5.7 CVSS, 5.3 AI score, 0.00188 EPSS
Exploits: 0, References: 3

NVD
added 2026/06/10 11:16 p.m., 23 views

CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submodule_update, and by extension porcelain.clone(..., recurse_submodules=True), materializes attacker-controlled submodule paths from a crafted...

7.5 CVSS, 0.00448 EPSS
Exploits: 0, References: 2

OSV
added 2026/06/10 11:16 p.m., 6 views

DEBIAN-CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submodule_update, and by extension porcelain.clone(..., recurse_submodules=True), materializes attacker-controlled submodule paths from a crafted...

7.5 CVSS, 5.8 AI score, 0.00448 EPSS
Exploits: 0, References: 1

NVD
added 2026/06/10 11:16 p.m., 8 views

CVE-2026-42305

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...

8.8 CVSS, 0.00635 EPSS
Exploits: 0, References: 4

OSV
added 2026/06/10 11:16 p.m., 5 views

UBUNTU-CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submodule_update, and by extension porcelain.clone(..., recurse_submodules=True), materializes attacker-controlled submodule paths from a crafted...

7.5 CVSS, 5.7 AI score, 0.00448 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2026/06/10 10:13 p.m., 7 views

CVE-2026-52726 Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submodule_update, and by extension porcelain.clone(..., recurse_submodules=True), materializes attacker-controlled submodule paths from a crafted...

7.5 CVSS, 5.8 AI score, 0.00448 EPSS
Exploits: 0, References: 2

CVE
added 2026/06/10 10:11 p.m., 26 views

CVE-2026-47734

Dulwich prior to 1.2.5 is vulnerable to an unbounded memory allocation in receive-pack when processing a crafted thin pack. A tiny push (~174 bytes) can declare a huge dest_size in the delta header, causing add_thin_pack / apply_delta to allocate hundreds of MB regardless of actual data. Impacted...

5.7 CVSS, 5.4 AI score, 0.00188 EPSS
Exploits: 0, References: 2

EUVD
added 2026/06/10 10:1 p.m., 10 views

EUVD-2026-36186

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch filename from the commit's subject line. Prior to this fix, get_summary only replaced spaces with dashes ...

3.3 CVSS, 5.5 AI score, 0.00139 EPSS
Exploits: 0, References: 3

CVE
added 2026/06/10 10:1 p.m., 24 views

CVE-2026-47712

CVE-2026-47712 affects the Dulwich project (pure-Python Git implementation). The issue: porcelain.format_patch(outdir=...) derives patch file names from the commit subject, allowing a crafted subject to steer the created patch file outside the requested outdir. The root cause: get_summary previou...

3.3 CVSS, 5.5 AI score, 0.00139 EPSS
Exploits: 0, References: 3

Cvelist
added 2026/06/10 10:1 p.m., 28 views

CVE-2026-47712 Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch filename from the commit's subject line. Prior to this fix, get_summary only replaced spaces with dashes ...

3.3 CVSS, 0.00139 EPSS
Exploits: 0, References: 3

Debian CVE
added 2026/06/10 9:55 p.m., 11 views

CVE-2026-42305

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...

8.8 CVSS, 6.5 AI score, 0.00635 EPSS
Exploits: 0

EUVD
added 2026/06/10 9:55 p.m., 10 views

EUVD-2026-36181

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...

9.8 CVSS, 8.4 AI score, 0.02225 EPSS
Exploits: 0, References: 4