Lucene search
K

177 matches found

NVD
NVD
added 2026/06/24 9:16 p.m.7 views

CVE-2026-52795

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

4.3CVSS0.00168EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 5:33 p.m.23 views

CVE-2026-48719

Warp, versions 0.2025.08.06.08.12.stable_00 through 0.2026.05.06.15.42.stable_01, contains a command injection in the prompt branch selector. If a user can publish a branch to a Git repository opened in Warp, a crafted branch name can be interpreted by the victim's shell when the branch is select...

8CVSS5.8AI score0.00948EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 5:33 p.m.31 views

CVE-2026-48719 Warp branch selector command injection via Git branch names

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...

8CVSS0.00948EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:33 p.m.5 views

CVE-2026-48719

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...

8CVSS5.8AI score0.00948EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.5 views

CVE-2026-57286

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38766

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.34 views

CVE-2026-57286

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

0.00216EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 6:17 p.m.20 views

CVE-2026-45628

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS0.0023EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 4:33 p.m.42 views

CVE-2026-45628 Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 4:33 p.m.13 views

CVE-2026-45628 Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS5.8AI score0.0023EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

Dokploy 命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.29.2 and earlier contained a command injection vulnerability. This vulnerability stemmed from the use of JavaScript template literal expressions to construct shell commands, which were executed via...

9.6CVSS6.1AI score0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/05/18 9:16 p.m.18 views

CVE-2026-25244

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...

9.8CVSS0.02799EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/05/18 8:31 p.m.8 views

CVE-2026-25244 WebdriverIO has Command Injection in the BrowserStack Service

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...

9.8CVSS6.6AI score0.02799EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/18 8:31 p.m.10 views

EUVD-2026-30805

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...

9.8CVSS6.6AI score0.02799EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/18 8:31 p.m.7 views

CVE-2026-25244

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...

9.8CVSS6.6AI score0.02799EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 5:53 p.m.14 views

WebdriverIO BrowserStack Service has a Command Injection issue

Summary A command injection vulnerability exists in @wdio/browserstack-service that allows remote code execution RCE when processing git branch names in test orchestration. An attacker can exploit this by providing a malicious git repository with a branch name containing shell command injection...

9.8CVSS6.4AI score0.02799EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/11 5:53 p.m.6 views

GHSA-5C46-X3QW-Q7J7 WebdriverIO BrowserStack Service has a Command Injection issue

Summary A command injection vulnerability exists in @wdio/browserstack-service that allows remote code execution RCE when processing git branch names in test orchestration. An attacker can exploit this by providing a malicious git repository with a branch name containing shell command injection...

9.8CVSS6.4AI score0.02799EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39872

Name of the Vulnerable Software and Affected Versions WebdriverIO versions prior to 9.24.0 Description A command injection issue exists in the test orchestration of WebdriverIO, specifically within the @wdio/browserstack-service module. The function getGitMetadataForAISelection interpolates git...

9.8CVSS7.9AI score0.02799EPSS
Exploits1References18
GithubExploit
GithubExploit
added 2026/04/13 4:2 p.m.93 views

Exploit for CVE-2025-54416

CVE-2025-54416: tj-actions/branch-names Command Injection PoC...

9.1CVSS5.9AI score0.00552EPSS
Exploits1
HackRead
HackRead
added 2026/03/30 8:53 p.m.7 views

OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens

OpenAI Codex vulnerability allowed attackers to steal GitHub tokens via malicious branch names using hidden Unicode command injection flaw...

5.9AI score
Exploits0
Rows per page
Query Builder