23 matches found
Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. "Attackers achieve...
EUVD-2025-23550
Malicious code in bioql PyPI...
EUVD-2023-51105
Malicious code in bioql PyPI...
CVE-2025-51387
GitKraken Desktop 10.8.0 and 11.1.0 are susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be...
PT-2025-31865 · Unknown · Gitkraken Desktop
Name of the Vulnerable Software and Affected Versions: GitKraken Desktop versions 10.8.0 and 11.1.0 Description: GitKraken Desktop is susceptible to code injection due to misconfigured Electron Fuses. Insecure settings, specifically RunAsNode being enabled and EnableNodeCliInspectArguments not...
GitKraken Desktop Security Vulnerability
GitKraken Desktop is a cross-platform graphical Git client from GitKraken Inc. in the United States. A security vulnerability exists in GitKraken Desktop versions 10.8.0 and 11.1.0, which stems from a misconfiguration of Electron Fuses and could lead to code injection...
CVE-2025-51387
CVE-2025-51387 affects GitKraken Desktop versions 10.8.0 and 11.1.0. The root cause is misconfigured Electron Fuses: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled, allowing the application to run in Node.js mode. This configuration enables attackers to pass arguments that...
CVE-2023-46944
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code workspace trust component...
GitLens Git Local Configuration Execution Exploit
GitKraken GitLens versions prior to 14.0.0 allow an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10. This module require...
Authorization
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code workspace trust component...
CVE-2023-46944
CVE-2023-46944 affects GitKraken GitLens plugins for VSCode prior to 14.0.0. A crafted file can be used to coerce the Visual Studio Code workspace trust component into executing arbitrary code, via a local attack vector. Root cause cited: insufficient input validation in GitLens workflow context ...
PT-2023-9085 · Microsoft +1 · Visual Studio Code +1
Name of the Vulnerable Software and Affected Versions: GitKraken GitLens versions prior to 14.0.0 Description: The issue is related to insufficient input validation in the GitKraken GitLens plugin for Visual Studio Code, allowing an attacker to execute arbitrary code via a crafted file. This can ...
GitHub Revoked Insecure SSH Keys Generated by a Popular git Client
Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said...
Exploit for Uncontrolled Search Path Element in Git_Large_File_Storage_Project Git_Large_File_Storage
Git-lfs Remote Code Execution RCE exploit CVE-2020-27955 .b...