
176 matches found

NVD
added 2026/06/24 9:16 p.m., 8 views

CVE-2026-52806

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution (RCE) on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...

9.9 CVSS, 0.01029 EPSS
Exploits: 0, References: 4
ATTACKERKB
added 2026/06/24 8:21 p.m., 6 views

CVE-2026-52806

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution (RCE) on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...

9.9 CVSS, 6 AI score, 0.01029 EPSS
Exploits: 0, References: 5, Affected Software: 1
EUVD
added 2026/06/24 5:33 p.m., 6 views

EUVD-2026-39001

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...

8 CVSS, 5.8 AI score, 0.00948 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/06/23 12:0 a.m., 11 views

PT-2026-51624

Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.14.3. Description: Authenticated users can achieve Remote Code Execution (RCE) on the server during the "Rebase before merging" operation in pull requests. The issue stems from improper argument handling where the base...

9.9 CVSS, 6.2 AI score, 0.01029 EPSS
Exploits: 0, References: 14
Positive Technologies
added 2026/06/10 12:0 a.m., 18 views

PT-2026-48391

Name of the Vulnerable Software and Affected Versions: Warp versions 0.2025.08.06.08.12.stable 00 through 0.2026.05.06.15.41.stable 01. Description: A command injection exists in the prompt branch selector. An attacker who publishes a crafted branch name to a Git repository can execute arbitrary...

8 CVSS, 6.2 AI score, 0.00948 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2026/06/05 7:43 p.m., 9 views

CVE-2026-8767

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...

7.5 CVSS, 4.9 AI score, 0.04261 EPSS
Exploits: 1, References: 1
Metasploit
added 2026/06/03 7:1 p.m., 229 views

Gogs Git Rebase Argument Injection RCE

This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a positional argument, causing sh -c to run after each replayed commit during the rebase. Two exploitation methods are supported: - ownrepo: The attacker...

6 AI score
Exploits: 0
RedhatCVE
added 2026/05/21 3:41 p.m., 13 views

CVE-2026-25244

A flaw was found in WebdriverIO. A remote attacker can exploit a command injection vulnerability by crafting a malicious Git repository with a specially named branch. This branch name, containing shell metacharacters, is unsafely processed during test orchestration. This allows for remote code...

9.8 CVSS, 6.3 AI score, 0.02799 EPSS
Exploits: 1, References: 6
Cvelist
added 2026/05/17 10:30 p.m., 42 views

CVE-2026-8767 vercel ai PR Branch Name Interpolation prettier-on-automerge.yml run os command injection

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...

5 CVSS, 0.04261 EPSS
Exploits: 1, References: 4
OSV
added 2026/03/24 12:54 p.m., 6 views

CVE-2026-33475 Langflow GitHub Actions Shell Injection

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables e.g., $...

9.1 CVSS, 6.2 AI score, 0.02956 EPSS
Exploits: 1, References: 3
UbuntuCve
added 2026/02/20 10:16 p.m., 4 views

CVE-2026-27113

Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...

6.3 CVSS, 6.3 AI score, 0.00428 EPSS
Exploits: 0, References: 3
OSV
added 2026/02/20 10:16 p.m., 4 views

UBUNTU-CVE-2026-27113

Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...

6.3 CVSS, 6.3 AI score, 0.00428 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2026/02/20 9:34 p.m., 3 views

CVE-2026-27113 Liquid Prompt arbitrary command injection via crafted Git branch names in gitstatusd backend

Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...

6.3 CVSS, 6.2 AI score, 0.00428 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/02/20 12:0 a.m., 5 views

PT-2026-21303

Name of the Vulnerable Software and Affected Versions: Liquid Prompt, affected versions not specified. Description: Liquid Prompt, an adaptive prompt for Bash and Zsh, contains a flaw where arbitrary command injection can lead to code execution. This occurs when a user enters a directory within a Git...

6.3 CVSS, 6 AI score, 0.00428 EPSS
Exploits: 0, References: 10
RedhatCVE
added 2026/01/09 9:19 a.m., 4 views

CVE-2021-22196

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name...

6.3 CVSS, 6.7 AI score, 0.00939 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/01/07 9:9 a.m., 12 views

CVE-2024-2878

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names...

7.5 CVSS, 6.3 AI score, 0.17649 EPSS
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/11/24 9:46 p.m., 6 views

Malicious code in enforce-branch-name (npm)

Source: amazon-inspector 63b39bd3b9b616432b7d29c60d2da9d425b52f8823742287d8f6c4203319383a The package enforce-branch-name was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits: 0, References: 4
EUVD
added 2025/11/24 9:46 p.m., 2 views

EUVD-2025-199084

Malicious code in enforce-branch-name (npm)...

6.6 AI score
Exploits: 0, References: 1
OSV
added 2025/11/24 9:46 p.m., 4 views

MAL-2025-190959 Malicious code in enforce-branch-name (npm)

Source: amazon-inspector 63b39bd3b9b616432b7d29c60d2da9d425b52f8823742287d8f6c4203319383a The package enforce-branch-name was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits: 0, References: 4
CNNVD
added 2025/11/15 12:0 a.m., 4 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE and EE versions 17.6 through befo...

4.3 CVSS, 6.5 AI score, 0.0031 EPSS
Exploits: 0, References: 4