Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

101 matches found

SUSE CVE
SUSE CVEadded 3 days ago3 views

SUSE CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

7.8CVSS6.1AI score0.0002EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 4 days ago5 views

CVE-2026-33435

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...

8CVSS6.2AI score0.00114EPSS
Exploits0References1
Snyk
Snykadded 4 days ago3 views

Arbitrary Argument Injection

Overview ansible-core is an a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load...

8.4CVSS6.2AI score0.0002EPSS
Exploits0References2
NVD
NVDadded 4 days ago6 views

CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

7.8CVSS0.0002EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 4 days ago7 views

CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

7.8CVSS5.7AI score0.0002EPSS
Exploits0References4
EUVD
EUVDadded 4 days ago6 views

EUVD-2026-34791

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

7.8CVSS6.1AI score0.0002EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 4 days ago9 views

PT-2026-46910

Name of the Vulnerable Software and Affected Versions ansible-core affected versions not specified Red Hat Ansible Automation Platform affected versions not specified Description An issue exists in the ansible-galaxy role install command where dependency specifications from a role's...

7.8CVSS6.2AI score0.0002EPSS
Exploits0References7
Tenable Nessus
Tenable Nessusadded 2026/05/29 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-44465

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonit...

8.6CVSS6.1AI score0.00057EPSS
Exploits1References2
NVD
NVDadded 2026/05/28 5:16 p.m.8 views

CVE-2026-44465

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...

8.6CVSS0.00057EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/28 4:10 p.m.5 views

CVE-2026-44465

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...

8.6CVSS6.1AI score0.00057EPSS
Exploits1References2Affected Software1
EUVD
EUVDadded 2026/05/28 4:10 p.m.6 views

EUVD-2026-32937

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...

8.6CVSS6.1AI score0.00057EPSS
Exploits1References1
Ubuntu
Ubuntuadded 2026/05/26 9:52 p.m.10 views

USN-8303-1: GitPython vulnerabilities

Santos Gallegos discovered that GitPython did not properly validate paths when resolving certain Git references. An attacker could possibly use this issue to cause files outside the .git directory to be accessed, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu...

9.8CVSS6AI score0.0036EPSS
Exploits5
Positive Technologies
Positive Technologiesadded 2026/05/11 12:0 a.m.16 views

PT-2026-39901

Name of the Vulnerable Software and Affected Versions GitHub Copilot CLI versions prior to 1.0.43 Description An issue exists where a malicious bare git repository nested inside a project directory can lead to arbitrary code execution when the agent performs git operations. By exploiting git's...

8.5CVSS6.3AI score0.00013EPSS
Exploits1References6
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/11 12:0 a.m.7 views

Malicious code in briantreehttp (npm)

briantreehttp is a typosquatting package impersonating braintreehttp, the HTTP client library published by Braintree/PayPal. The package bundles the legitimate library source to appear functional while hiding a credential-theft payload in index1.js, which is executed at install time via the...

5.8AI score
Exploits0
OSV
OSVadded 2026/05/06 9:58 p.m.1 views

GHSA-V87R-6Q3F-2J67 GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath

GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, but Git still accepts an indented core stanza as a section header — so the injected core.hooksPa...

7.8CVSS6AI score0.00026EPSS
Exploits1References4
OSV
OSVadded 2026/04/16 8:41 p.m.0 views

GHSA-558G-H753-6M33 Weblate: Remote code execution during backup restoration

Impact The project backup didn't filter Git and Mercurial configuration files and this could lead to remote code execution under certain circumstances. Patches https://github.com/WeblateOrg/weblate/pull/18549 Workarounds The project backup is only accessible to users who can create projects...

8CVSS6.4AI score0.00114EPSS
Exploits0References5
PyPA
PyPAadded 2026/04/15 7:16 p.m.8 views

PYSEC-2026-154

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...

8CVSS6.4AI score0.00114EPSS
Exploits0References2Affected Software1
OSV
OSVadded 2026/04/15 7:16 p.m.5 views

PYSEC-2026-154

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...

8CVSS6.4AI score0.00114EPSS
Exploits0References2
CVE
CVEadded 2026/04/15 6:13 p.m.6 views

CVE-2026-33435

Weblate: Remote code execution during project backup restoration in versions prior to 5.17 due to backups not filtering Git/Mercurial config files. Fixed in 5.17. Remediation: upgrade to 5.17+ or restrict access to backups (backups are only accessible to users who can create projects).

8CVSS6.4AI score0.00114EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/15 6:13 p.m.1 views

CVE-2026-33435 Weblate: Remote code execution during backup restoration

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...

8CVSS6.4AI score0.00114EPSS
Exploits0References2
Rows per page
Query Builder