
43 matches found

Cvelist
added 2026/06/23 3:49 p.m. | 33 views

CVE-2026-49465 n8n: Git Node Clone and Push Operations Bypass File Sandbox

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push...

CVSS 6 | EPSS 0.00495 | Exploits 0 | References 1

HackRead
added 2026/04/29 9:1 a.m. | 8 views

Cursor AI IDE vulnerability allows code execution via hidden Git hooks

Novee researchers find high-severity CVE-2026-26268 flaw in Cursor AI, allowing hackers to run malicious code when developers clone repositories...

CVSS 9.9 | AI score 5.3 | EPSS 0.0049 | Exploits 0

RedhatCVE
added 2026/01/09 10:56 a.m. | 3 views

CVE-2022-38795

In Gitea through 1.17.1, repo cloning can occur in the migration function...

CVSS 6.5 | AI score 4.3 | EPSS 0.00462 | Exploits 0 | References 1

Gitee
added 2025/10/28 5:17 p.m. | 146 views

nuclei_poc

This repository is an offensive tool for Nuclei POCs. It is a Python script that clones GitHub repositories, extracts Nuclei POCs, and organizes them into categorized folders. The script runs automatically every day using GitHub Actions. The primary vulnerability class targeted by this tool is no...

AI score 8 | Exploits 0

Snyk
added 2025/10/09 4:43 p.m. | 4 views

Information Exposure

Overview: bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Information Exposure via gitclone. An attacker can obtain sensitive information by tricking a user into cloning a repository using a specially crafted URL that causes the API key to be sent to an...

CVSS 5.3 | AI score 6.5 | EPSS 0.00208 | Exploits 0 | References 2

OSV
added 2025/10/09 2:25 p.m. | 3 views

SUSE-SU-2025:20855-1 Security update for git

This update for git fixes the following issues: Update to 2.51.0: - CVE-2025-27613: arbitrary writable file creation and truncation in Gitk bsc1245938 - CVE-2025-27614: arbitrary script execution via repo clonation in gitk bsc1245939 - CVE-2025-46835: untrusted repository cloning can lead to...

CVSS 8.6 | AI score 7.2 | EPSS 0.02775 | Exploits 9 | References 13

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-29858

Malicious code in bioql PyPI...

CVSS 3.9 | AI score 7 | EPSS 0.00519 | Exploits 1 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2024-54676

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.3 | EPSS 0.00217 | Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-29844

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 7.5 | EPSS 0.01271 | Exploits 0 | References 6

RedHat Linux
added 2025/07/21 2:51 p.m. | 5 views

gitk: Git file creation flaw

A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss. This flaw manifests in two primary scenarios: - Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize...

CVSS 3.6 | AI score 5.7 | EPSS 0.00287 | Exploits 0 | References 7

OSV
added 2025/07/10 2:58 p.m. | 9 views

CVE-2025-27613 Gitk can create and truncate files in the user's home directory

Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...

CVSS 3.6 | AI score 7.2 | Exploits 0 | References 3

AlpineLinux
added 2025/07/08 6:23 p.m. | 2 views

CVE-2025-48385

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to...

CVSS 8.6 | AI score 8.7 | EPSS 0.00785 | Exploits 0

OSV
added 2025/06/14 6:14 a.m. | 7 views

BIT-GITLAB-2024-9512 Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync...

CVSS 5.9 | AI score 5.5 | EPSS 0.00217 | Exploits 0 | References 3

NVD
added 2025/06/12 2:15 p.m. | 8 views

CVE-2024-9512

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync...

CVSS 5.9 | EPSS 0.00217 | Exploits 0 | References 2

Cvelist
added 2025/06/12 2:2 p.m. | 10 views

CVE-2024-9512 Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync...

CVSS 5.3 | EPSS 0.00217 | Exploits 0 | References 2

Vulnrichment
added 2025/06/12 2:2 p.m. | 11 views

CVE-2024-9512 Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync...

CVSS 5.3 | AI score 6.9 | EPSS 0.00217 | Exploits 0 | References 2

RedhatCVE
added 2025/05/23 6:24 a.m. | 5 views

CVE-2024-51990

jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...

CVSS 9.3 | AI score 6.7 | EPSS 0.0059 | Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:54 a.m. | 8 views

CVE-2023-2589

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the...

CVSS 5.9 | AI score 6.4 | EPSS 0.00391 | Exploits 0 | References 1

Positive Technologies
added 2025/01/30 12:0 a.m. | 6 views

PT-2025-5593 · Unknown · Pwn.College

Name of the Vulnerable Software and Affected Versions: pwn.college (affected versions not specified). Description: The issue is related to incorrect symlink checks on user-specified dojos, allowing users to perform a Local File Inclusion (LFI) from the CTFd container without requiring admin privileges...

CVSS 7.7 | AI score 6.8 | EPSS 0.00455 | Exploits 0 | References 5

OSV
added 2024/12/02 8:6 p.m. | 29 views

GO-2024-3296 Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli

Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli...

CVSS 6.5 | AI score 6.7 | EPSS 0.00281 | Exploits 0 | References 3