Lucene search
K

16 matches found

NVD
NVD
added 6 hours ago4 views

CVE-2026-59703

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS
Exploits0References4
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2026-59702 repomix - Server-Side Request Forgery via Unvalidated Repository URLs in POST /api/pack

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...

9.3CVSS
Exploits0References4
CVE
CVE
added 6 hours ago7 views

CVE-2026-59702

Summary: CVE-2026-59702 affects repomix. A server-side request forgery exists in POST /api/pack, where unauthenticated attackers can cause the server to fetch arbitrary URLs without proper validation. The endpoint accepts http://, https://, and file:// URLs and passes them to git clone, enabling ...

9.3CVSS6.1AI score
Exploits0References4
Cvelist
Cvelist
added 6 hours ago9 views

CVE-2026-59703 repomix - Local File Inclusion via file:// URL Scheme in Git Clone Endpoint

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS
Exploits0References4
CVE
CVE
added 6 hours ago11 views

CVE-2026-59703

repomix is affected by a local file inclusion vulnerability in the git clone endpoint. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts does not block file:// URLs, allowing an unauthenticated user to supply file:// scheme URLs that bypass validation and are passed to git clone, ...

8.7CVSS6.1AI score
Exploits0References4
OSV
OSV
added 2026/07/01 7:1 p.m.3 views

GHSA-HWPP-H97W-2H3J repomix: attach_packed_output can bypass file-read secret scanning for supported local files

attachpackedoutput can register arbitrary .json/.txt/.md/.xml files and bypass the MCP file-read safety check Summary Repomix's MCP server exposes a normal filesystemreadfile tool that reads absolute paths only after running the project's secret check. However, the attachpackedoutput plus...

6.9CVSS6.1AI score0.00028EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-7628

A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References1
NVD
NVD
added 2026/05/02 12:16 p.m.4 views

CVE-2026-7628

A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The...

6.5CVSS0.0111EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/02 12:0 p.m.7 views

EUVD-2026-26787

A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/02 12:0 p.m.41 views

CVE-2026-7628 crazyrabbitLTC mcp-code-review-server RepoMix repomix.ts executeRepomix command injection

A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The...

6.5CVSS0.0111EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/02 12:0 p.m.4 views

CVE-2026-7628

A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The...

6.5CVSS5.6AI score0.0111EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/02 12:0 p.m.5 views

CVE-2026-7628 crazyrabbitLTC mcp-code-review-server RepoMix repomix.ts executeRepomix command injection

A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References7
CVE
CVE
added 2026/05/02 12:0 p.m.13 views

CVE-2026-7628

The CVE-2026-7628 affects crazyrabbitLTC mcp-code-review-server (up to version 0.1.0). The vulnerability is in RepoMix Command Handler’s function executeRepomix (src/repomix.ts), where a manipulation yields command injection. Exploitation can be remote, and public exploit code is available. The i...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

Code Review Server 注入漏洞

Code Review Server is a code review tool based on large models, developed by Dennison Bertram. Versions of Code Review Server 0.1.0 and earlier had an injection vulnerability. This vulnerability stems from the executeRepomix function in the src/repomix.ts file, which allows for command injection,...

6.5CVSS6.8AI score0.0111EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/29 12:0 a.m.10 views

Codebase MCP 操作系统命令注入漏洞

Codebase MCP is a code library retrieval and analysis tool developed by DeDeveloper23. Codebase MCP has a vulnerability related to operating system command injection. This vulnerability stems from a function in the Component RepoMix Command Handler called getCodebase/getRemoteCodebase/saveCodebas...

5.3CVSS6.4AI score0.00647EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.9 views

PT-2026-28737

Name of the Vulnerable Software and Affected Versions DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6 Description A flaw exists in the getCodebase/getRemoteCodebase/saveCodebase functions within the src/tools/codebase.ts file of the RepoMix Command Handler component. Thi...

5.3CVSS5.8AI score0.00647EPSS
Exploits0References9
Rows per page
Query Builder