Lucene search
+L

179 matches found

nvd
nvd
added 2026/06/24 9:16 p.m.9 views

CVE-2026-52795

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

4.3CVSS0.00168EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/24 5:33 p.m.5 views

CVE-2026-48719

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...

8CVSS5.8AI score0.00948EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/24 5:33 p.m.32 views

CVE-2026-48719 Warp branch selector command injection via Git branch names

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...

8CVSS0.00948EPSS
Exploits0References2
cve
cve
added 2026/06/24 5:33 p.m.26 views

CVE-2026-48719

Warp, versions 0.2025.08.06.08.12.stable_00 through 0.2026.05.06.15.42.stable_01, contains a command injection in the prompt branch selector. If a user can publish a branch to a Git repository opened in Warp, a crafted branch name can be interpreted by the victim's shell when the branch is select...

8CVSS5.8AI score0.00948EPSS
Exploits0References2
osv
osv
added 2026/06/24 2:17 p.m.3 views

CVE-2026-57286

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

4.3CVSS6AI score
Exploits0References1
cvelist
cvelist
added 2026/06/24 1:20 p.m.38 views

CVE-2026-57286

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

0.00216EPSS
Exploits0References1
euvd
euvd
added 2026/06/24 1:20 p.m.10 views

EUVD-2026-38766

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/24 1:20 p.m.7 views

CVE-2026-57286

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References2
nvd
nvd
added 2026/05/29 6:17 p.m.21 views

CVE-2026-45628

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS0.0023EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/29 4:33 p.m.13 views

CVE-2026-45628 Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS5.8AI score0.0023EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/29 4:33 p.m.46 views

CVE-2026-45628 Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS0.0023EPSS
Exploits0References1
osv
osv
added 2026/05/29 4:33 p.m.3 views

CVE-2026-45628 Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS5.9AI score0.0023EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/29 12:0 a.m.9 views

Dokploy 命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.29.2 and earlier contained a command injection vulnerability. This vulnerability stemmed from the use of JavaScript template literal expressions to construct shell commands, which were executed via...

9.6CVSS6.1AI score0.0023EPSS
Exploits0References1
nvd
nvd
added 2026/05/18 9:16 p.m.18 views

CVE-2026-25244

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...

9.8CVSS0.02799EPSS
Exploits1References6
attackerkb
attackerkb
added 2026/05/18 8:31 p.m.7 views

CVE-2026-25244

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...

9.8CVSS6.6AI score0.02799EPSS
Exploits1References4Affected Software1
vulnrichment
vulnrichment
added 2026/05/18 8:31 p.m.8 views

CVE-2026-25244 WebdriverIO has Command Injection in the BrowserStack Service

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...

9.8CVSS6.6AI score0.02799EPSS
Exploits1References3
euvd
euvd
added 2026/05/18 8:31 p.m.12 views

EUVD-2026-30805

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...

9.8CVSS6.6AI score0.02799EPSS
Exploits1References3
osv
osv
added 2026/05/11 5:53 p.m.6 views

GHSA-5C46-X3QW-Q7J7 WebdriverIO BrowserStack Service has a Command Injection issue

Summary A command injection vulnerability exists in @wdio/browserstack-service that allows remote code execution RCE when processing git branch names in test orchestration. An attacker can exploit this by providing a malicious git repository with a branch name containing shell command injection...

9.8CVSS6.4AI score0.02799EPSS
Exploits1References5
github
github
added 2026/05/11 5:53 p.m.17 views

WebdriverIO BrowserStack Service has a Command Injection issue

Summary A command injection vulnerability exists in @wdio/browserstack-service that allows remote code execution RCE when processing git branch names in test orchestration. An attacker can exploit this by providing a malicious git repository with a branch name containing shell command injection...

9.8CVSS6.4AI score0.02799EPSS
Exploits1References5Affected Software1
ptsecurity
ptsecurity
added 2026/05/11 12:0 a.m.16 views

PT-2026-39872

Name of the Vulnerable Software and Affected Versions WebdriverIO versions prior to 9.24.0 Description A command injection issue exists in the test orchestration of WebdriverIO, specifically within the @wdio/browserstack-service module. The function getGitMetadataForAISelection interpolates git...

9.8CVSS7.9AI score0.02799EPSS
Exploits1References18
Rows per page
Query Builder