575 matches found
CVE-2025-66213 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Directory Mount Path
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions...
RLSA-2025:23744 Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 For more detai...
git-lfs security update
An update is available for git-lfs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, videos...
RLSA-2025:23745 Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 For more detai...
Coolify 操作系统命令注入漏洞
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.451, which stems from an uncleaned filestoragedirectorysource parameter that could lead to a...
RockyLinux 8 : git-lfs (RLSA-2025:23745)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:23745 advisory. git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 Tenable has extracted the preceding description block directly from the...
PT-2025-52856
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.451 Description Coolify is a self-hostable tool for managing servers, applications, and databases. An authenticated command injection issue exists in the File Storage Directory Mount Path functionality. Use...
git-lfs: Git LFS may write to arbitrary files via crafted symlinks
A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...
Important: Red Hat Security Advisory: git-lfs security update
An update for git-lfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
ALSA-2025:23745 Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 For more detai...
Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 For more detai...
ALSA-2025:23744 Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 For more detai...
Oracle Linux 8 : git-lfs (ELSA-2025-23745)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-23745 advisory. - Backport CVE-2025-26625 fixes Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has no...
git-lfs security update
3.6.1-4 - Backport fix for CVE-2025-26625 - Resolves: RHEL-122431...
RLSA-2025:23667 Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 For more detai...
git-lfs security update
An update is available for git-lfs. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, video...
RockyLinux 10 : git-lfs (RLSA-2025:23667)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:23667 advisory. git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 Tenable has extracted the preceding description block directly from the...
git-lfs: Git LFS may write to arbitrary files via crafted symlinks
A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...
git-lfs: Git LFS may write to arbitrary files via crafted symlinks
A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...
GO-2025-4187 Mattermost Server is vulnerable to Path Traversal when files are stored locally in github.com/mattermost/mattermost-server
Mattermost Server is vulnerable to Path Traversal when files are stored locally in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positi...