Lucene search
+L

4250 matches found

nvd
nvd
added yesterday6 views

CVE-2026-49987

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS0.00066EPSS
Exploits0References3
cve
cve
added yesterday14 views

CVE-2026-49987

CVE-2026-49987 affects Repomix (npm) where the function execGitShallowClone uses the --remote-branch value directly in git fetch/checkout calls. The input can be injected to pass arbitrary git options (e.g., --upload-pack) to local or SSH transports, enabling remote command execution with the use...

7.5CVSS6.2AI score0.00066EPSS
Exploits0References3
cvelist
cvelist
added yesterday24 views

CVE-2026-49987 Repomix: Command Injection (RCE) via `--remote-branch` Argument Injection

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS0.00066EPSS
Exploits0References3
osv
osv
added 3 days ago4 views

CVE-2026-13221 Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perlstudychunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored ...

9.1CVSS6.1AI score0.00606EPSS
Exploits0References7
cve
cve
added 3 days ago32 views

CVE-2026-13221

CVE-2026-13221 affects Perl versions through 5.43.9. When an alternation of more than 65,535 fixed-string branches is compiled into a trie in Perl_study_chunk, the 16‑bit delta between the first branch and the shared tail overflows. The trie’s match decision table is truncated with no warning, pr...

9.1CVSS6.1AI score0.00606EPSS
Exploits0References3Affected Software1
ossf
ossf
added 4 days ago9 views

Malicious code in auto-debug-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dd31c11b5149d8dd2142c81cc066576dc799ba4dae4599a9569cb56256417ec package.json declares a postinstall hook node install.js that fires automatically on npm install. On Windows, install.js invokes hidden PowerShell -N...

6.1AI score
Exploits0References4
nvd
nvd
added 2026/07/08 9:16 a.m.11 views

CVE-2026-57253

An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing...

6.1CVSS0.00107EPSS
Exploits0References1
euvd
euvd
added 2026/07/08 7:36 a.m.7 views

EUVD-2026-42201

An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing...

6.1CVSS6.1AI score0.00107EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/08 7:36 a.m.6 views

CVE-2026-57253

An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing...

6.1CVSS6.1AI score0.00107EPSS
Exploits0References2Affected Software2
snyk
snyk
added 2026/07/08 2:25 a.m.12 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the scp process. An attacker can cause files to be placed outside the intended directory by crafting a copy operation between two remote destinations. Remediation A fix was pushed into the master branch but n...

5.4CVSS6.1AI score0.00241EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.11 views

PT-2026-56352

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description An abnormal image object causes the renderer to enter an incorrect processing branch. During the conversion of scan lines, the application uses an invalid image buffer pointer...

6.1CVSS6.1AI score0.00107EPSS
Exploits0References5
snyk
snyk
added 2026/07/07 3:25 p.m.4 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the checksdpcrypto function due to an inverted boolean condition. An attacker can weaken the binding between DTLS certificates and SDP by intercepting and modifying WebRTC signaling...

6.3CVSS6.1AI score0.0015EPSS
Exploits0References2
snyk
snyk
added 2026/07/03 10:19 p.m.7 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper error handling in the pre-receive process when processing input with bufio.Scanner. An attacker can bypass branch-protection checks by submitting oversized input that triggers scanner errors...

9.8CVSS6AI score0.00472EPSS
Exploits0References2
nvd
nvd
added 2026/07/03 9:16 p.m.6 views

CVE-2026-27775

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...

8.8CVSS0.00523EPSS
Exploits0References4
nvd
nvd
added 2026/07/03 9:16 p.m.7 views

CVE-2026-27780

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...

9.8CVSS0.00472EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/03 8:19 p.m.7 views

CVE-2026-27775

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...

5.9AI score0.00523EPSS
Exploits0References5Affected Software1
cve
cve
added 2026/07/03 8:19 p.m.15 views

CVE-2026-27775

The CVE-2026-27775 issue affects Gitea 1.25.5, where a branch-specific write-permission result cached in a pre-receive hook session can be reused across refs, enabling an attacker with per-branch maintainer edits to escalate to full repository write access. Connected sources (Snyk advisories) con...

8.8CVSS7.1AI score0.00523EPSS
Exploits0References4
euvd
euvd
added 2026/07/03 8:19 p.m.8 views

EUVD-2026-41638

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...

6AI score0.00472EPSS
Exploits0References3
cve
cve
added 2026/07/03 8:19 p.m.30 views

CVE-2026-27780

The CVE-2026-27780 issue affects Gitea versions before 1.26.0, where pre-receive hook input processing with bufio.Scanner may error without failing closed, allowing oversized input to bypass branch-protection checks. The root cause is improper handling of scanner errors in the pre-receive path. A...

9.8CVSS6AI score0.00472EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/03 8:19 p.m.5 views

CVE-2026-27780

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...

6AI score0.00472EPSS
Exploits0References4
Rows per page
Query Builder