Lucene search
K

374 matches found

EUVD
EUVD
added yesterday11 views

EUVD-2026-36195

Dulwich's submodule path traversal in porcelain.submoduleupdate / porcelain.clonerecursesubmodules=True yields RCE via attacker-dropped .git/hooks payload...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: Resources are freed after they are unregistered. The unbind operation of the DP component iterates through the submodules to unregister them and clean up the situation. However, if the unbind occurs because the DP...

7.8CVSS5.4AI score0.00149EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Git

Git is a version control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted .gitmodules file with submodule URLs that were longer than 1024 characters could be used to exploit a bug in...

7.8CVSS8AI score0.06079EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/06/18 8:4 p.m.8 views

CVE-2026-52726

A flaw was found in Dulwich, a pure-Python implementation of Git file formats and protocols. This vulnerability allows a remote attacker to achieve arbitrary code execution by crafting a malicious Git submodule. When a user clones or updates a repository with such a submodule, the...

7.5CVSS6.6AI score0.00448EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.7 views

SUSE CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.7AI score0.00448EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-52726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5,...

9CVSS7.5AI score0.25334EPSS
Exploits32References4
OSV
OSV
added 2026/06/10 11:16 p.m.6 views

DEBIAN-CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 11:16 p.m.24 views

CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS0.00448EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 11:16 p.m.5 views

UBUNTU-CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.7AI score0.00448EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/10 11:12 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the porcelain.submoduleupdate module when handling attacker-controlled submodule paths from a crafted upstream repository without proper path validation. An attacker can achieve arbitrary code execution by crafti...

8.3CVSS6.1AI score0.00448EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/10 10:13 p.m.8 views

CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.8AI score0.00448EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/10 10:13 p.m.27 views

CVE-2026-52726 Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS0.00448EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 10:13 p.m.7 views

CVE-2026-52726 Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 10:13 p.m.22 views

CVE-2026-52726

Technical details about CVE-2026-52726 are not publicly provided in the supplied documents; monitor for updates.

7.5CVSS5.8AI score0.00448EPSS
Exploits0References2
Drupal
Drupal
added 2026/06/10 12:0 a.m.9 views

Examples for Developers - Moderately critical - Access bypass - SA-CONTRIB-2026-044

The Examples for Developers project aims to provide high-quality, well-documented API examples for a broad range of Drupal core functionality. The "Read from a file" feature implemented by the fileexample submodule can be used to expose any file that PHP can access. Therefore, the fileexample...

5.5AI score
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Dulwich 路径遍历漏洞

Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich from 0.23.2 to 1.2.5 contained a path traversal vulnerability. This vulnerability stemmed from the porcelain.submoduleupdate method not verifying the submodule paths properly. As a...

7.5CVSS5.6AI score0.00448EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.19 views

PT-2026-48568

🔴 CVE-2026-52726 is being exploited for RCE: attackers can drop malicious .git/hooks payloads via Dulwich's submodule path traversal flaw. This bypasses standard protections. Patch immediately to prevent full compromise. NerdieNews CyberSecurity Vulnerability https://t.co/tIoG1l3nqd...

7.5CVSS5.4AI score0.00448EPSS
Exploits0References12
Microsoft CVE
Microsoft CVE
added 2026/05/31 8:4 a.m.5 views

gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule

...

8.5CVSS5.3AI score0.00351EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/28 8:12 p.m.11 views

CVE-2026-40034

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/28 3:58 a.m.14 views

SUSE CVE-2026-40034

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References3
Rows per page
Query Builder