Lucene search
K

626 matches found

NVD
NVD
added 2026/07/06 10:16 p.m.8 views

CVE-2026-34153

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, LocalFileVolume::saveStorageOnServer builds shell commands using unescaped fspath and parentdir values before validation, and submitFileStorage does not validate the...

8.8CVSS0.00403EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:12 p.m.4 views

CVE-2026-34153

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, LocalFileVolume::saveStorageOnServer builds shell commands using unescaped fspath and parentdir values before validation, and submitFileStorage does not validate the...

8.8CVSS6.1AI score0.00403EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-56019

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description An authenticated user with permissions to add file storage can execute arbitrary commands when storage is saved. This occurs because the LocalFileVolume::saveStorageOnServer function...

8.8CVSS6.3AI score0.00403EPSS
Exploits0References8
OSV
OSV
added 2026/07/05 12:5 p.m.4 views

RLSA-2026:30855 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycod...

8.2CVSS6AI score0.00478EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/07/05 12:5 p.m.6 views

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, video...

9.6CVSS6.7AI score0.00478EPSS
Exploits0
NVD
NVD
added 2026/07/03 9:17 p.m.7 views

CVE-2026-58423

LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories...

7.7CVSS0.0031EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-26292

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests...

9.8CVSS0.00482EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:54 p.m.37 views

CVE-2026-58423 LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories

LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories...

7.7CVSS0.0031EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.7 views

CVE-2026-58423

LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories...

7.7CVSS5.9AI score0.0031EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.6 views

CVE-2026-28740

Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.42 views

CVE-2026-28740 Gitea LFS object reuse bypasses Code-unit authorization

Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access...

7.1CVSS0.00323EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:19 p.m.3 views

CVE-2026-28740 Gitea LFS object reuse bypasses Code-unit authorization

Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access...

7.1CVSS7.1AI score0.00323EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/03 8:19 p.m.7 views

EUVD-2026-41630

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests...

5.9AI score0.00482EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.7 views

CVE-2026-26292

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests...

5.9AI score0.00482EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.35 views

CVE-2026-26292 Gitea LFS mirror synchronization bypasses migration HTTP transport restrictions

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests...

0.00482EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:19 p.m.4 views

CVE-2026-26292 Gitea LFS mirror synchronization bypasses migration HTTP transport restrictions

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests...

9.8CVSS5.9AI score0.00482EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55656

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authentication bypass exists when using a malformed SSH sub-verb during LFS Large File Storage operations. This flaw allows unauthorized read access to privat...

7.7CVSS6AI score0.0031EPSS
Exploits0References11
OSV
OSV
added 2026/07/01 12:3 p.m.6 views

RLSA-2026:30854 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycod...

8.2CVSS6.7AI score0.00478EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/29 6:26 p.m.11 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.6CVSS6.8AI score0.00478EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 12:0 a.m.4 views

ALSA-2026:30853 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycod...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References4
Rows per page
Query Builder