CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

172 matches found

Positive Technologies•added 4 days ago•8 views

PT-2026-48391

Found a command injection in Warp CVE-2026-48719 A crafted Git branch name runs in the victim's shell when selected in the prompt branch selector. Responsibly disclosed and now patched. Update @warpdotdev to stay safe. https://t.co/j16vvGrYLa...

5.5AI score0.00069EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:43 p.m.•7 views

CVE-2026-8767

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...

7.5CVSS4.9AI score0.00307EPSS

Exploits1References1

Metasploit•added 2026/06/03 7:1 p.m.•89 views

Gogs Git Rebase Argument Injection RCE

This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a positional argument, causing sh -c to run after each replayed commit during the rebase. Two exploitation methods are supported: - ownrepo: The attacker...

5.9AI score

Exploits0

RedhatCVE•added 2026/05/21 3:41 p.m.•9 views

CVE-2026-25244

A flaw was found in WebdriverIO. A remote attacker can exploit a command injection vulnerability by crafting a malicious Git repository with a specially named branch. This branch name, containing shell metacharacters, is unsafely processed during test orchestration. This allows for remote code...

9.8CVSS6.3AI score0.0015EPSS

Exploits1References6

Cvelist•added 2026/05/17 10:30 p.m.•37 views

CVE-2026-8767 vercel ai PR Branch Name Interpolation prettier-on-automerge.yml run os command injection

5CVSS0.00307EPSS

Exploits1References4

OSV•added 2026/03/24 12:54 p.m.•3 views

CVE-2026-33475 Langflow GitHub Actions Shell Injection

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables e.g., $...

9.1CVSS6.2AI score0.00081EPSS

Exploits1References3

OSV•added 2026/02/20 10:16 p.m.•3 views

UBUNTU-CVE-2026-27113

Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...

6.3CVSS6.3AI score0.00033EPSS

Exploits0References4

UbuntuCve•added 2026/02/20 10:16 p.m.•3 views

CVE-2026-27113

6.3CVSS6.3AI score0.00033EPSS

Exploits0References3

Vulnrichment•added 2026/02/20 9:34 p.m.•3 views

CVE-2026-27113 Liquid Prompt arbitrary command injection via crafted Git branch names in gitstatusd backend

6.3CVSS6.2AI score0.00033EPSS

Exploits0References2

Positive Technologies•added 2026/02/20 12:0 a.m.•3 views

PT-2026-21303

Name of the Vulnerable Software and Affected Versions Liquid Prompt affected versions not specified Description Liquid Prompt, an adaptive prompt for Bash and Zsh, contains a flaw where arbitrary command injection can lead to code execution. This occurs when a user enters a directory within a Git...

6.3CVSS6AI score0.00033EPSS

Exploits0References10

RedhatCVE•added 2026/01/09 9:19 a.m.•2 views

CVE-2021-22196

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name...

6.3CVSS6.7AI score0.00191EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:9 a.m.•11 views

CVE-2024-2878

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names...

7.5CVSS6.3AI score0.0462EPSS

Exploits0References1

OSV•added 2025/11/24 9:46 p.m.•3 views

MAL-2025-190959 Malicious code in enforce-branch-name (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63b39bd3b9b616432b7d29c60d2da9d425b52f8823742287d8f6c4203319383a The package enforce-branch-name was found to contain malicious code. Source: ghsa-malware...

6.8AI score

Exploits0References4

OSSF Malicious Packages•added 2025/11/24 9:46 p.m.•4 views

Malicious code in enforce-branch-name (npm)

6.9AI score

Exploits0References4

EUVD•added 2025/11/24 9:46 p.m.•1 views

EUVD-2025-199084

Malicious code in enforce-branch-name npm...

6.6AI score

Exploits0References1

CNNVD•added 2025/11/15 12:0 a.m.•1 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE and EE versions 17.6 through befo...

4.3CVSS6.5AI score0.00008EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2017-8696

Malware in sbrugna...

8.8CVSS8.6AI score0.00787EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2017-9174

Malware in sbrugna...

5.4CVSS5.5AI score0.0014EPSS

Exploits0References3