Lucene search
K

603 matches found

Veracode
Veracode
added 2026/05/16 6:40 a.m.34 views

LFS Object Overwrite

Gogs is vulnerable to LFS object overwrite. The vulnerability is due to overwritable LFS objects across different repositories, where attackers can manipulate the uploaded file like injecting backdoor, and Gogs does not verify uploaded LFS file content against its claimed SHA-256...

9.3CVSS7.1AI score0.00327EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/16 1:57 a.m.13 views

CVE-2026-44647

OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem paths. A repository object can steer raw blob reads to arbitrary local files that the server account...

7.1CVSS5.9AI score0.00319EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:8 p.m.7 views

CVE-2026-44647

OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem paths. A repository object can steer raw blob reads to arbitrary local files that the server account...

7.1CVSS5.9AI score0.00319EPSS
Exploits0References2Affected Software1
Rockylinux
Rockylinux
added 2026/05/14 6:1 p.m.22 views

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, videos...

7.5CVSS7.3AI score0.00728EPSS
Exploits0
AlmaLinux
AlmaLinux
added 2026/05/13 12:0 a.m.12 views

Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 golang:...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References10
Oracle linux
Oracle linux
added 2026/05/13 12:0 a.m.25 views

git-lfs security update

3.4.1-10 - Rebuild with new Golang - Resolves: RHEL-167541, RHEL-167379, RHEL-166518 3.4.1-9 - Rebuild with new Golang - Resolves: RHEL-156637...

7.5CVSS7.4AI score0.00728EPSS
Exploits0
Rockylinux
Rockylinux
added 2026/05/08 12:3 p.m.18 views

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, videos...

7.5CVSS7.4AI score0.00621EPSS
Exploits0
OSV
OSV
added 2026/05/06 12:0 a.m.19 views

ALSA-2026:14200 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282...

7.5CVSS7.4AI score0.00621EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/04 9:16 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the currentDirectory parameter in the media upload process. An attacker can achieve arbitrary code execution and full server compromise by uploading a crafted file containing executable code to a location outside...

8.8CVSS6.3AI score0.00832EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.9 views

RHEL 9 : git-lfs (RHSA-2026:10712)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:10712 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing t...

7.5CVSS5.6AI score0.00728EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/26 11:0 p.m.37 views

CVE-2026-7065 BidingCC BuildingAI Remote Upload API file-storage.service.ts uploadRemoteFile server-side request forgery

A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the component Remote Upload API. The manipulation of the argument url leads to server-side request forgery...

7.5CVSS0.00294EPSS
Exploits0References5
CVE
CVE
added 2026/04/26 11:0 p.m.17 views

CVE-2026-7065

Technical details are not publicly available in the provided documents. Monitor for updates.

7.5CVSS7AI score0.00294EPSS
Exploits0References5
NVD
NVD
added 2026/04/23 8:16 p.m.5 views

CVE-2026-41268

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

9.8CVSS0.13789EPSS
Exploits1References1
CVE
CVE
added 2026/04/23 7:13 p.m.17 views

CVE-2026-41268

Flowise is affected by a critical unauthenticated remote command execution (RCE) prior to version 3.1.0. The vulnerability arises from a parameter override bypass that combines the FILE-STORAGE:: keyword with a NODE_OPTIONS environment variable injection, allowing arbitrary root commands to be ex...

9.8CVSS7.5AI score0.13789EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/04/23 7:13 p.m.12 views

EUVD-2026-25285

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

7.7CVSS7.5AI score0.13789EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 7:13 p.m.9 views

CVE-2026-41268

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

7.7CVSS7.5AI score0.13789EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/23 7:13 p.m.4 views

CVE-2026-41268 Flowise: Flowise Parameter Override Bypass Remote Command Execution

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

7.7CVSS7.5AI score0.13789EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/04/21 5:12 p.m.8 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.8 views

RHEL 9 : git-lfs (RHSA-2026:9436)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:9436 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

RHEL 10 : git-lfs (RHSA-2026:9435)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:9435 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing t...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References4
Rows per page
Query Builder