CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

208 matches found

EUVD•added 2026/05/19 3:53 p.m.•8 views

EUVD-2026-30957

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...

9.2CVSS5.8AI score0.00482EPSS

Exploits0References1

Vulnrichment•added 2026/05/19 3:53 p.m.•7 views

CVE-2026-47357

9.2CVSS5.8AI score0.00482EPSS

Exploits0References1

IBM Security Bulletins•added 2026/04/16 6:58 p.m.•4 views

Security Bulletin: Go-getter may allow to arbitrary filesystem reads through git operations

Summary HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and...

7.5CVSS5.8AI score0.00424EPSS

Exploits1Affected Software1

OSV•added 2026/04/16 12:55 a.m.•4 views

CLEANSTART-2026-DR81473 HashiCorp’s go-getter library up to v1

Multiple security vulnerabilities affect the harbor-scanner-trivy-fips package. HashiCorp’s go-getter library up to v1. See references for individual vulnerability details...

9.8CVSS5.7AI score0.00694EPSS

Exploits2References24

GithubExploit•added 2026/04/10 8:15 p.m.•143 views

Exploit for CVE-2026-4660

CVE-2026-4660 PoC Proof of concept for CVE-2026-4660https:...

7.5CVSS5.7AI score0.00424EPSS

Exploits1

RedhatCVE•added 2026/04/10 10:20 a.m.•3 views

CVE-2026-4660

A flaw was found in the go-getter library. A remote attacker could exploit this vulnerability by providing a maliciously crafted URL during certain git operations. This could allow the attacker to perform arbitrary file reads on the file system, potentially leading to the disclosure of sensitive...

7.5CVSS5.9AI score0.00424EPSS

Exploits1References4

Snyk•added 2026/04/09 3:35 p.m.•1 views

Arbitrary Argument Injection

Overview github.com/hashicorp/go-getter is a Package for downloading things from a string URL using a variety of protocols. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the GitGetter function that lacks validation for git options when attempting to check th...

8.7CVSS6AI score0.00424EPSS

Exploits1References2

EUVD•added 2026/04/09 3:35 p.m.•26 views

EUVD-2026-20894

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

7.5CVSS6AI score0.00424EPSS

Exploits1References2

Github Security Blog•added 2026/04/09 3:35 p.m.•4 views

HashiCorp's go-getter library may allow arbitrary file reads

HashiCorp's go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

7.5CVSS5.8AI score0.00424EPSS

Exploits1References3Affected Software1

OSV•added 2026/04/09 3:35 p.m.•3 views

GHSA-92MM-2PJQ-R785 HashiCorp's go-getter library may allow arbitrary file reads

7.5CVSS5.8AI score0.00424EPSS

Exploits1References3

NVD•added 2026/04/09 2:16 p.m.•2 views

CVE-2026-4660

7.5CVSS0.00424EPSS

Exploits1References1

OSV•added 2026/04/09 2:16 p.m.•3 views

DEBIAN-CVE-2026-4660

7.5CVSS5.5AI score0.00424EPSS

Exploits1References1

UbuntuCve•added 2026/04/09 2:16 p.m.•3 views

CVE-2026-4660

7.5CVSS5.8AI score0.00424EPSS

Exploits1References2

OSV•added 2026/04/09 2:16 p.m.•2 views

UBUNTU-CVE-2026-4660

7.5CVSS5.8AI score0.00424EPSS

Exploits1References3

Cvelist•added 2026/04/09 1:47 p.m.•56 views

CVE-2026-4660 Go-getter may allow to arbitrary filesystem reads through git operations

7.5CVSS0.00424EPSS

Exploits1References1

ATTACKERKB•added 2026/04/09 1:47 p.m.•4 views

CVE-2026-4660

7.5CVSS6AI score0.00424EPSS

Exploits1References2

Vulnrichment•added 2026/04/09 1:47 p.m.•1 views

CVE-2026-4660 Go-getter may allow to arbitrary filesystem reads through git operations

7.5CVSS6AI score0.00424EPSS

Exploits1References1

CVE•added 2026/04/09 1:47 p.m.•25 views

CVE-2026-4660

CVE-2026-4660 affects HashiCorp go-getter up to v1.8.5, where a crafted URL during certain git operations can cause arbitrary filesystem reads. The issue is fixed in go-getter v1.8.6; the v2 branch/package is unaffected. If you use go-getter, upgrade to v1.8.6 or later. The provided sources do no...

7.5CVSS6AI score0.00424EPSS

Exploits1References1

Debian CVE•added 2026/04/09 1:47 p.m.•4 views

CVE-2026-4660

7.5CVSS5.4AI score0.00424EPSS

Exploits1

Positive Technologies•added 2026/04/09 12:0 a.m.•1 views

PT-2026-31612

Name of the Vulnerable Software and Affected Versions go-getter versions up to 1.8.5 Description The go-getter library may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. Recommendations Update to go-getter version 1.8.6 or later...

7.5CVSS5.9AI score0.00504EPSS

Exploits1References154

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by