Lucene search
+L

10443 matches found

CVE
CVE
added 2026/07/08 2:55 p.m.20 views

CVE-2026-59703

repomix is affected by a local file inclusion vulnerability in the git clone endpoint. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts does not block file:// URLs, allowing an unauthenticated user to supply file:// scheme URLs that bypass validation and are passed to git clone, ...

8.7CVSS6.1AI score0.00386EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 2:55 p.m.4 views

CVE-2026-59703 repomix - Local File Inclusion via file:// URL Scheme in Git Clone Endpoint

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS6.2AI score0.00386EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/08 2:55 p.m.5 views

EUVD-2026-42273

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS6.1AI score0.00386EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.8 views

PT-2026-56585

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.5 through 18.11.6 GitLab CE/EE versions 19.0 through 19.0.3 GitLab CE/EE versions 19.1 through 19.1.1 Description An issue exists where an authenticated user can create a repository where the content displayed in the w...

4.3CVSS6.1AI score0.00187EPSS
Exploits0References6
OSV
OSV
added 2026/07/07 4:52 p.m.5 views

GO-2026-5496 Improper single-quote escaping in go-git SSH transport in github.com/go-git/go-git

Improper single-quote escaping in go-git SSH transport in github.com/go-git/go-git...

9.6CVSS5.9AI score0.00365EPSS
Exploits0References1
NVD
NVD
added 2026/07/07 2:16 p.m.8 views

CVE-2026-44938

A vulnerability has been identified in Fleet's agent-side deployer, which did not filter security-sensitive keys from namespaceLabels in fleet.yaml or BundleDeployment.spec.options.namespaceLabels when applying them to the target namespace. An attacker with git push access to a Fleet-monitored...

8.8CVSS0.00508EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/07 1:5 p.m.33 views

CVE-2026-44938 Fleet has PSS Bypass through addLabelsFromOptions in Fleet Agent

A vulnerability has been identified in Fleet's agent-side deployer, which did not filter security-sensitive keys from namespaceLabels in fleet.yaml or BundleDeployment.spec.options.namespaceLabels when applying them to the target namespace. An attacker with git push access to a Fleet-monitored...

8.8CVSS0.00508EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.7 views

MiracleLinux 9 : git-lfs-3.7.1-4.el9_8 (AXSA:2026-1205:08)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-1205:08 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the...

7.5CVSS7AI score0.00728EPSS
Exploits0References5
Fedora
Fedora
added 2026/07/06 3:10 p.m.13 views

[SECURITY] Fedora 43 Update: sandogasa-0.15.3-2.fc43

A collection of tools and libraries for Fedora package maintenance and contributor activity tracking, built around shared API clients for Bugzilla, Bodhi, NVD, dist-git, Discourse, FASJSON, and HyperKitty. The name sandogasa =E8=8F=85=E7=AC=A0 refers to a Japanese straw hat of ten associated with...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/07/06 3:7 p.m.7 views

CVE-2026-50014

A flaw was found in pnpm, a package manager. An attacker could exploit this vulnerability by providing a malicious lockfile, which could lead to arbitrary code execution. This occurs because pnpm incorrectly processes git dependency information, allowing a crafted input to execute unauthorized...

7.3CVSS6.2AI score0.0018EPSS
Exploits1References4
Fedora
Fedora
added 2026/07/06 2:55 p.m.20 views

[SECURITY] Fedora 44 Update: sandogasa-0.15.3-2.fc44

A collection of tools and libraries for Fedora package maintenance and contributor activity tracking, built around shared API clients for Bugzilla, Bodhi, NVD, dist-git, Discourse, FASJSON, and HyperKitty. The name sandogasa =E8=8F=85=E7=AC=A0 refers to a Japanese straw hat of ten associated with...

6AI score
Exploits0
NVD
NVD
added 2026/07/06 11:16 a.m.9 views

CVE-2026-44936

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo...

5CVSS0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 9:30 a.m.6 views

EUVD-2026-41863

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo...

5CVSS6AI score0.00386EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:30 a.m.6 views

CVE-2026-44936

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo...

5CVSS6AI score0.00386EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/06 9:30 a.m.5 views

CVE-2026-44936 Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo...

5CVSS6AI score0.00386EPSS
Exploits0References4
NVD
NVD
added 2026/07/05 8:16 a.m.12 views

CVE-2026-14722

A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from...

7.5CVSS0.00315EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 7:30 a.m.10 views

EUVD-2026-41735

A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from...

7.5CVSS6.7AI score0.00315EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 7:30 a.m.35 views

CVE-2026-14722 tiddly-gittly TidGi-Desktop Git Repository Import loadWikiTiddlersWithSubWikis.ts code injection

A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from...

7.5CVSS0.00315EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 7:30 a.m.17 views

CVE-2026-14722

TidGi-Desktop (tiddly-gittly) up to 0.13.0 is affected by a vulnerability in the Git Repository Import path, specifically src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts, enabling code injection. The issue is triggered by manipulation of the referenced function and is exploitable rem...

7.5CVSS6.7AI score0.00315EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 7:30 a.m.12 views

CVE-2026-14722

A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from...

7.5CVSS6.7AI score0.00315EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder