56 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerability in Git

Git GUI allows you to use Git source control management tools through a graphical interface. When a user clones an untrusted repository and is tricked into editing a file located in a directory with a malicious name in the repository, Git GUI can create and overwrite files for which the user has...

CVSS 8.5 | AI score 7.5 | EPSS 0.00296
Exploits 0 | References 2
Positive Technologies
added 2026/06/11 12:00 a.m. | 16 views

PT-2026-48681

Name of the Vulnerable Software and Affected Versions: PDM versions prior to 2.28.0. Description: PDM automatically loads project-local plugin paths from .pdm-plugins during Core initialization. This process uses site.addsitedir, which on CPython processes .pth files in the added directory. If a .pt...

CVSS 8.4 | AI score 6.5 | EPSS 0.00028
Exploits 0 | References 12
NVD
added 2026/06/10 11:16 p.m. | 8 views

CVE-2026-42305

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...

CVSS 8.8 | EPSS 0.00635
Exploits 0 | References 4
Tenable Nessus
added 2026/05/14 12:00 a.m. | 6 views

Unity Linux 20.1070a Security Update: git (UTSA-2026-021268)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021268 advisory. Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in...

CVSS 8.5 | AI score 7.3 | EPSS 0.00296
Exploits 0 | References 4
Github Security Blog
added 2026/05/07 4:39 p.m. | 13 views

BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context

Summary: BentoML's bentoml build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento artifact. If a victim builds an untrusted repository or other attacker-supplied build context, the attacker can place a...

CVSS 5.5 | AI score 5.7 | EPSS 0.00284
Exploits 1 | References 5 | Affected Software 1
Snyk
added 2026/03/26 6:27 p.m. | 4 views

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack when processing Git URL fragment subdir components. An attacker can access files outside the intended Git repository root by specifying a crafted subdir value in the URL fragment. Note: This is only exploitable if builds...

CVSS 8.2 | AI score 5.9 | EPSS 0.00463
Exploits 0 | References 3
Vulnrichment
added 2026/03/18 1:15 a.m. | 5 views

CVE-2026-28500 ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

CVSS 8.6 | AI score 5.7 | EPSS 0.00318
Exploits 0 | References 2
Snyk
added 2026/03/16 4:23 p.m. | 2 views

Resources Downloaded over Insecure Protocol

Overview: onnx is an Open Neural Network Exchange. Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol via the onnx.hub.load function when the silent parameter is set to True. An attacker can bypass repository trust verification and suppress all security...

CVSS 9.2 | AI score 6.1 | EPSS 0.00318
Exploits 0 | References 2
Tenable Nessus
added 2025/10/24 12:00 a.m. | 4 views

EulerOS 2.0 SP13 : git (EulerOS-SA-2025-2256)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command...

CVSS 8.6 | AI score 7.7 | EPSS 0.02775
Exploits 9 | References 6
Tenable Nessus
added 2025/10/07 12:00 a.m. | 1 view

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: git (UTSA-2025-984673)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984673 advisory. Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in...

CVSS 8.5 | AI score 8.1 | EPSS 0.00296
Exploits 0 | References 4
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-21002

Malicious code in bioql PyPI...

CVSS 8.5 | AI score 8.9 | EPSS 0.00296
Exploits 0 | References 2
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2024-29844

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 7.5 | EPSS 0.01271
Exploits 0 | References 6
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-21005

Malicious code in bioql PyPI...

CVSS 3.6 | AI score 7 | EPSS 0.00287
Exploits 0 | References 3
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2022-54322

Malicious code in bioql PyPI...

AI score 6.6
Exploits 0
Tenable Nessus
added 2025/08/28 12:00 a.m. | 3 views

TencentOS Server 4: git (TSSA-2025:0605)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0605 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 8.5 | AI score 8.1 | EPSS 0.00296
Exploits 0 | References 2
Tenable Nessus
added 2025/08/15 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-27613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments,...

CVSS 3.6 | AI score 6.8 | EPSS 0.00287
Exploits 0 | References 2
Tenable Nessus
added 2025/08/08 12:00 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2025-46835

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file locat...

CVSS 8.5 | AI score 8 | EPSS 0.00296
Exploits 0 | References 2
Tenable Nessus
added 2025/08/04 12:00 a.m. | 16 views

Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2025-1108)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1108 advisory. When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option Support per-file encoding must have be...

CVSS 8.6 | AI score 8.1 | EPSS 0.02775
Exploits 9 | References 12
Tenable Nessus
added 2025/07/31 12:00 a.m. | 6 views

Amazon Linux 2 : git (ALAS-2025-2941)

The version of git installed on the remote host is prior to 2.47.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2941 advisory. When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be creat...

CVSS 8.6 | AI score 8.1 | EPSS 0.02775
Exploits 9 | References 12
CNNVD
added 2025/07/29 12:00 a.m. | 2 views

Google Go Security Vulnerability

Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from the US company Google. A security vulnerability exists in Google Go that stems from the execution of unexpected commands in an untrusted VCS repository, which could lead to arbitrary code execution...

CVSS 8.6 | AI score 7.3 | EPSS 0.00273
Exploits 0 | References 5