Lucene search
K

783 matches found

NVD
NVD
added yesterday5 views

CVE-2026-59793

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-59793

CVE-2026-59793 affects JetBrains TeamCity prior to version 2026.1.2. The issue allows arbitrary file access via the Perforce VCS integration, due to the Perforce VCS integration component. Impact is described as high for confidentiality, integrity, and availability. The CVSS vector indicates netw...

8.8CVSS6.2AI score
Exploits0References1Affected Software1
NVD
NVD
added 5 days ago7 views

CVE-2026-14468

HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in ...

7.7CVSS0.00295EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-41946

HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in ...

7.7CVSS6AI score0.00295EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-14468

HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in ...

7.7CVSS6AI score0.00295EPSS
Exploits0References2Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 5 days ago6 views

Terraform Enterprise vulnerable to arbitrary file read

Summary HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository...

7.7CVSS6.1AI score0.00295EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/07/01 11:5 p.m.22 views

CVE-2026-14439

CVE-2026-14439 describes a path-traversal in the Git Service shared by Altium Enterprise Server and Altium 365. The vulnerability arises from a post-clone file-manipulation primitive that accepts user-supplied paths without validation, enabling an authenticated user with basic git access to move ...

9.4CVSS6.5AI score0.00601EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 5:33 p.m.23 views

CVE-2026-48719

Warp, versions 0.2025.08.06.08.12.stable_00 through 0.2026.05.06.15.42.stable_01, contains a command injection in the prompt branch selector. If a user can publish a branch to a Git repository opened in Warp, a crafted branch name can be interpreted by the victim's shell when the branch is select...

8CVSS5.8AI score0.00948EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:50 p.m.9 views

Malicious code in security-alerts-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f881805b709189d00bc52dc57c407bfecdae44fb343f92634a301c31525f6b0 Despite advertising itself as a breach-monitoring SDK, this package executes a remote-access trojan and credential harvester against any installer th...

6AI score
Exploits0References5
EUVD
EUVD
added 2026/06/20 4:43 p.m.11 views

EUVD-2026-38128

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commitsha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

9.9CVSS8.2AI score0.00874EPSS
Exploits3References1
Snyk
Snyk
added 2026/06/17 1:55 p.m.5 views

Creation of Temporary File in Directory with Insecure Permissions

Overview @mariozechner/pi-coding-agent is a Coding agent CLI with read, bash, edit, write tools and session management Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions in the process handling temporary extension package installs...

7.3CVSS6.3AI score0.00115EPSS
Exploits0References2
Fedora
Fedora
added 2026/06/16 1:3 a.m.15 views

[SECURITY] Fedora 44 Update: ack-3.10.0-1.fc44

Ack is a grep-like search tool designed for use with large heterogeneous trees of source code. It searchs recursively and ignores common version control directories...

5.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45331

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validateurl in backend/openwebui/retrieval/web/utils.py calls validators.ipv6ip, private=True, but the validators library does NOT implement the private keyword for IPv6 — the call...

8.5CVSS5.4AI score0.00286EPSS
Exploits1References1
NVD
NVD
added 2026/06/05 7:16 p.m.15 views

CVE-2026-46399

HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CM...

9.4CVSS0.00291EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/06/05 3:53 p.m.40 views

K000161612: Golang vulnerabilities CVE-2025-4674 and CVE-2025-61724

Security Advisory Description CVE-2025-4674 The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contai...

8.6CVSS6.8AI score0.00526EPSS
Exploits0
OSV
OSV
added 2026/06/05 3:48 p.m.12 views

OESA-2026-2542 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 20.2.2 Release: 4 Summary: A...

8.2CVSS6.6AI score0.00527EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.18 views

SUSE SLES15 Security Update : docker-stable (SUSE-SU-2026:2120-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2120-1 advisory. This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft...

9.8CVSS5.8AI score0.00498EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/19 3:38 p.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to improper path validation in the repository checkout process. An attacker can modify files outside the intended target directory, including .git directories, by supplying a maliciously crafted repository payloa...

5.4CVSS6.3AI score0.00297EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 12:0 a.m.13 views

MAL-2026-3990 Malicious code in @antv/g6-mobile (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
Fedora
Fedora
added 2026/05/17 1:27 a.m.20 views

[SECURITY] Fedora 44 Update: python-jupytext-1.19.1-4.fc44

Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...

9.8CVSS6.5AI score0.01735EPSS
Exploits2
Rows per page
Query Builder