
103 matches found

NVD
added 2025/07/10 3:15 p.m. · 7 views

CVE-2025-46334

Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable always includes...

8.6 CVSS · 0.00261 EPSS
Exploits 0 · References 3
OSV
added 2025/07/10 3:9 p.m. · 4 views

CVE-2025-46835 Git GUI can create and overwrite files for which the user has write permission

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permissio...

8.5 CVSS · 8.5 AI score · 0.00296 EPSS
Exploits 0 · References 6
CVE
added 2025/07/10 3:9 p.m. · 90 views

CVE-2025-46835

Git GUI is vulnerable to arbitrary file creation/overwrites when a user clones an untrusted repository and is tricked into editing a file under a maliciously named directory; this can affect files the user can write. The issue is fixed in Git GUI versions 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2...

8.5 CVSS · 6 AI score · 0.00296 EPSS
Exploits 0 · References 4
Debian CVE
added 2025/07/10 3:9 p.m. · 9 views

CVE-2025-46835

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permissio...

8.5 CVSS · 7.6 AI score · 0.00296 EPSS
Exploits 0
AlpineLinux
added 2025/07/10 3:9 p.m. · 3 views

CVE-2025-46835

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permissio...

8.5 CVSS · 6.2 AI score · 0.00296 EPSS
Exploits 0
Debian CVE
added 2025/07/10 3:6 p.m. · 5 views

CVE-2025-46334

Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable always includes...

8.6 CVSS · 8.3 AI score · 0.00261 EPSS
Exploits 0
OSV
added 2025/07/10 3:6 p.m. · 4 views

CVE-2025-46334 Git GUI malicious command injection on Windows

Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable always includes...

8.6 CVSS · 8.8 AI score · 0.00261 EPSS
Exploits 0 · References 5
Microsoft CVE
added 2025/07/08 2:0 p.m. · 4 views

GitHub: CVE-2025-46334 Git Malicious Shell Vulnerability

CVE-2025-46334 is regarding a vulnerability in Git GUI Windows only where a malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. On Windows, path lookup can find such executables in the worktree. These programs are invoked when the user selects...

8.6 CVSS · 6.2 AI score · 0.00261 EPSS
Exploits 0
RedhatCVE
added 2025/05/23 11:57 a.m. · 7 views

CVE-2025-0055

SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim's user directory on the Operating System level would be able to read this data. Depending on the user input provided in...

6 CVSS · 6.7 AI score · 0.00233 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 12:35 a.m. · 10 views

CVE-2022-41205

SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application...

6.1 CVSS · 6.9 AI score · 0.00208 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2025/04/01 12:0 a.m. · 8 views

The vulnerability of the GUI component of the FortiSandbox threat detection and mitigation system allows a perpetrator to execute arbitrary code or commands.

The vulnerability of the GUI component of the FortiSandbox threat detection and mitigation system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or commands using specially created HTTP...

4.3 CVSS · 6.2 AI score · 0.00377 EPSS
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2025/04/01 12:0 a.m. · 8 views

The vulnerability of the WEBGUI component of the SAP NetWeaver Application Server ABAP software integration platform allows an attacker to perform XSS attacks.

The vulnerability of the WEBGUI component of the SAP NetWeaver Application Server ABAP software integration platform exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.4 CVSS · 5.4 AI score · 0.00221 EPSS
Exploits 0 · References 2
NVD
added 2025/03/11 3:15 p.m. · 6 views

CVE-2023-37933

An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPs requests...

8.8 CVSS · 0.00302 EPSS
Exploits 0 · References 1
Cvelist
added 2025/02/15 12:0 a.m. · 12 views

CVE-2025-26793

The Web GUI configuration panel of Hirsch formerly Identiv and Viscount Enterphone MESH through 2024 ships with default credentials username freedom, password viscount. The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires ma...

10 CVSS · 0.02303 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/01/22 12:0 a.m. · 4 views

PT-2025-2617 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: GRAU DATA Blocky versions prior to 3.1 Description: The issue is related to a Client-Side Enforcement of Server-Side Security vulnerability in Blocky-Gui. An attacker with Windows administrative or debugging privileges can patch a binary in...

6.4 CVSS · 7.5 AI score · 0.0016 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/01/01 12:0 a.m. · 4 views

PT-2025-28866

Name of the Vulnerable Software and Affected Versions: git in Debian Linux affected versions not specified Description: A flaw exists in Git GUI that allows for the creation and overwriting of arbitrary writable files. This occurs when a user clones an untrusted repository and is subsequently...

8.6 CVSS · 8.2 AI score · 0.02775 EPSS
Exploits 9 · References 130
Cvelist
added 2024/05/13 3:43 p.m. · 14 views

CVE-2020-18305

Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges...

6.9 AI score · 0.00703 EPSS
Exploits 1 · References 1
OSV
added 2024/01/08 3:15 p.m. · 1 views

UBUNTU-CVE-2023-37444

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the...

7.8 CVSS · 7.5 AI score · 0.00432 EPSS
Exploits 1 · References 3
CNNVD
added 2023/09/22 12:0 a.m. · 5 views

Cadence Design Systems GUI Security Vulnerability

Cadence Design Systems GUI is a Graphical User Interface GUI from Cadence Design Systems, Inc. to support its suite of Electronic Design Automation EDA software tools. A security vulnerability exists in Cadence Design Systems GUI version 0.9.2 and prior versions, which stems from the use of an...

5.5 CVSS · 6.7 AI score · 0.00294 EPSS
Exploits 1 · References 4
IBM Security Bulletins
added 2023/08/07 12:48 p.m. · 23 views

Security Bulletin: A vulnerability has been identified in the IBM Storage Scale GUI where a remote authenticated user can execute commands (CVE-2023-33201)

Summary A security vulnerability has been identified in all levels of IBM Storage Scale GUI that could allow a remote authenticated user to execute commands. A fix for this vulnerability is available. Vulnerability Details CVEID:CVE-2023-33201 DESCRIPTION: The Bouncy Castle Crypto Package For Jav...

5.3 CVSS · 6.5 AI score · 0.00772 EPSS
Exploits 0 · Affected Software 1