Lucene search
K

10331 matches found

osv
osv
added 2026/06/29 11:29 a.m.4 views

RHSA-2026:30854 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

8.2CVSS6.6AI score0.00478EPSS
Exploits0References11
osv
osv
added 2026/06/29 11:29 a.m.7 views

RHSA-2026:30853 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

8.2CVSS6.6AI score0.00478EPSS
Exploits0References11
osv
osv
added 2026/06/29 5:51 a.m.6 views

MAL-2026-6581 Malicious code in ollama-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52323ef2a3908b7db1565ae149128d053363ab2612c7bc3a938c3f2d63c285cf scripts/postinstall.js executes automatically on npm install and performs a bulk harvest of installer-side identity and configuration data: OS hostna...

5.9AI score
Exploits0References3
redhat
redhat
added 2026/06/29 5:8 a.m.6 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.6CVSS6.8AI score0.00478EPSS
Exploits0References2
redhat
redhat
added 2026/06/29 2:45 a.m.7 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.6CVSS6.8AI score0.00478EPSS
Exploits0References2
almalinux
almalinux
added 2026/06/29 12:0 a.m.5 views

Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycod...

9.6CVSS6.8AI score0.00478EPSS
Exploits0References4
osv
osv
added 2026/06/29 12:0 a.m.4 views

ALSA-2026:30853 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycod...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References4
nessus
nessus
added 2026/06/29 12:0 a.m.9 views

RHEL 9 : git-lfs (RHSA-2026:30854)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:30854 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing t...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References4
osv
osv
added 2026/06/29 12:0 a.m.5 views

ALSA-2026:30854 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycod...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References4
nessus
nessus
added 2026/06/29 12:0 a.m.8 views

RHEL 8 : git-lfs (RHSA-2026:30853)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:30853 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing t...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References4
githubexploit
githubexploit
added 2026/06/27 1:16 p.m.60 views

Exploit for CVE-2026-5366

CVE-2026-5366 P...

9.9CVSS7.3AI score0.00874EPSS
Exploits3
nessus
nessus
added 2026/06/27 12:0 a.m.7 views

SUSE SLES12 Security Update : google-osconfig-agent (SUSE-SU-2026:2665-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2665-1 advisory. - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header...

10CVSS7.4AI score0.01557EPSS
Exploits1References44
github
github
added 2026/06/26 10:53 p.m.8 views

pnpm: Git Fetch Argument Injection via Lockfile resolution.commit

Summary pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected 40-character commit hash with a Git option such as...

7.3CVSS6AI score0.0018EPSS
Exploits1References3Affected Software1
github
github
added 2026/06/26 9:49 p.m.7 views

pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile

Summary A malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. Details The lockfile does not store the hash of the dependencies from https://codeload.github.com This means that if this server was compromised or a person's...

7.5CVSS5.8AI score0.00116EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2026/06/26 5:16 p.m.10 views

CVE-2026-45407

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...

5.5CVSS0.00089EPSS
Exploits0References2
nvd
nvd
added 2026/06/26 5:16 p.m.8 views

CVE-2026-45408

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc EOF...

9CVSS0.00234EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/26 4:23 p.m.38 views

CVE-2026-45405 Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...

9CVSS0.00289EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/26 4:21 p.m.9 views

CVE-2026-45407

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...

5.5CVSS5.8AI score0.00089EPSS
Exploits0References3Affected Software1
euvd
euvd
added 2026/06/26 4:21 p.m.7 views

EUVD-2026-39802

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...

5.5CVSS5.8AI score0.00089EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/26 4:21 p.m.36 views

CVE-2026-45407 Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...

5CVSS0.00089EPSS
Exploits0References2
Rows per page
Query Builder