CVE-2026-42305 Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...

EUVD-2026-36181

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...

CVE-2026-42305

Dulwich (pure-Python Git implementation) versions before 1.2.5 on Windows are vulnerable to an arbitrary file write via NTFS-hostile tree entries, causing remote code execution when cloning or checking out a malicious repository. Root cause: path-element validation allowed filenames that Windows ...

CVE-2026-42305

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...

CVE-2026-50508

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-50507

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...

CVE-2026-45655

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...

CVE-2026-45634

Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally...

CVE-2026-45608

Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally...

CVE-2026-45594

Exposure of sensitive information to an unauthorized actor in Windows Application Identity AppID Subsystem allows an authorized attacker to disclose information locally...

CVE-2026-45604

Out-of-bounds read in Windows Application Identity AppID Subsystem allows an authorized attacker to disclose information locally...

CVE-2026-44814

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally...

CVE-2026-42973

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...

CVE-2026-44805

Use after free in Windows Network Controller NC Host Agent allows an authorized attacker to deny service locally...

CVE-2026-42971

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...

CVE-2026-42968

Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally...

CVE-2026-42914

Windows Kerberos Denial of Service Vulnerability...

CVE-2026-42970

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...

CVE-2026-42969

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...

CVE-2026-42907

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...