Lucene search
+L

3217 matches found

nuclei
nuclei
added 10 hours ago41 views

WordPress WP Clone <= 2.4.2 - Database Backup Exposure

Clone WordPress plugin 2.4.3 contains a buffer overflow caused by storing in-progress backup information in publicly accessible buffer files at a static file path, letting attackers access sensitive backup data, exploit requires no special privileges id: CVE-2023-6750 info: name: WordPress WP Clo...

7.5CVSS7.1AI score0.01961EPSS
Exploits2References3
nvd
nvd
added yesterday5 views

CVE-2026-53447

Wekan is open source kanban built with Meteor. Prior to 9.35, the Wekan cloneBoard Meteor method in models/import.js uses caller-supplied sourceBoardId to build a board export through models/exporter.js without invoking canExport or checking source-board membership. Any authenticated user who kno...

6.5CVSS0.00026EPSS
Exploits0References3
cve
cve
added yesterday14 views

CVE-2026-49987

CVE-2026-49987 affects Repomix (npm) where the function execGitShallowClone uses the --remote-branch value directly in git fetch/checkout calls. The input can be injected to pass arbitrary git options (e.g., --upload-pack) to local or SSH transports, enabling remote command execution with the use...

7.5CVSS6.2AI score0.00066EPSS
Exploits0References3
nuclei
nuclei
added 5 days ago105 views

cgit < 1.2.1 - Directory Traversal

cGit 1.2.1 via cgitcloneobjects has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. id: CVE-2018-14912 info: name: cgit 1.2.1 - Directory Traversal author: 0xAkoko severity: high description: cGit...

7.5CVSS6.9AI score0.93188EPSS
Exploits7References5
osv
osv
added 6 days ago4 views

OPENSUSE-SU-2026:21310-1 Security update for gh

This update for gh fixes the following issues: Changes in gh: - Update to version 2.96.0: Critical security fix: patched vulnerability in gh codespace jupyter that could allow command execution when connecting to malicious Codespaces Merge commit from fork Fix concurrent map writes in codespace...

9.6CVSS7AI score0.00861EPSS
Exploits0References23
astralinux
astralinux
added 2026/07/09 8:12 a.m.4 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fixed a use-after-free in bondxmitbroadcast. bondxmitbroadcast reuses the original skb for the last slave determined by bondislastslave and clones it for others. Concurrent slave enslave/release operations may mutat...

7.8CVSS5.7AI score0.00124EPSS
Exploits0References3
nvd
nvd
added 2026/07/08 8:16 p.m.8 views

CVE-2026-55575

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via ...toArrayv without calling this.context.memoryLimit.use..., allowing a template render such as hugearra...

8.2CVSS0.00384EPSS
Exploits0References4
snyk
snyk
added 2026/07/08 6:46 p.m.7 views

Server-side Request Forgery (SSRF)

Overview repomix is an A tool to pack repository contents to single file for AI consumption Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the processRemoteRepo path in POST /api/pack and its repository URL handling before git clone. An attacker can...

9.3CVSS6.2AI score0.00324EPSS
Exploits0References2
nvd
nvd
added 2026/07/08 4:16 p.m.12 views

CVE-2026-59702

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...

9.3CVSS0.00324EPSS
Exploits0References4
nvd
nvd
added 2026/07/08 3:16 p.m.7 views

CVE-2026-59703

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS0.00386EPSS
Exploits0References4
euvd
euvd
added 2026/07/08 3:7 p.m.6 views

EUVD-2026-42298

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...

9.3CVSS6.1AI score0.00324EPSS
Exploits0References4
osv
osv
added 2026/07/08 3:7 p.m.2 views

CVE-2026-59702 repomix - Server-Side Request Forgery via Unvalidated Repository URLs in POST /api/pack

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...

9.2CVSS6.2AI score0.00324EPSS
Exploits0References6
euvd
euvd
added 2026/07/08 2:55 p.m.5 views

EUVD-2026-42273

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS6.1AI score0.00386EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/08 2:55 p.m.45 views

CVE-2026-59703 repomix - Local File Inclusion via file:// URL Scheme in Git Clone Endpoint

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS0.00386EPSS
Exploits0References4
cve
cve
added 2026/07/08 2:55 p.m.18 views

CVE-2026-59703

repomix is affected by a local file inclusion vulnerability in the git clone endpoint. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts does not block file:// URLs, allowing an unauthenticated user to supply file:// scheme URLs that bypass validation and are passed to git clone, ...

8.7CVSS6.1AI score0.00386EPSS
Exploits0References4
osv
osv
added 2026/07/08 2:55 p.m.4 views

CVE-2026-59703 repomix - Local File Inclusion via file:// URL Scheme in Git Clone Endpoint

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS6.2AI score0.00386EPSS
Exploits0References6
osv
osv
added 2026/07/07 3:29 p.m.6 views

MAL-2026-6945 Malicious code in jsonschemavalidation (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eae82aa94c358f1f00f8a12e8b583cee82efdcf09d2f80263e6851ac0fec98f3 The PyPI project jsonschemavalidation builds a wheel whose installed top-level package is literally jsonschema tool.hatch.build.targets.wheel package...

6.2AI score
Exploits0References2
ossf
ossf
added 2026/07/07 3:29 p.m.13 views

Malicious code in jsonschemavalidation (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eae82aa94c358f1f00f8a12e8b583cee82efdcf09d2f80263e6851ac0fec98f3 The PyPI project jsonschemavalidation builds a wheel whose installed top-level package is literally jsonschema tool.hatch.build.targets.wheel package...

6.1AI score
Exploits0References2
euvd
euvd
added 2026/07/07 3:21 a.m.5 views

EUVD-2026-41996

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an...

9.9CVSS5.9AI score0.00247EPSS
Exploits0References3
nvd
nvd
added 2026/07/01 2:16 p.m.5 views

CVE-2026-53341

In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked -mntns read in maydecodefh maydecodefh accesses mount::mntns without holding any locks; that means the mount can concurrently be unmounted, and the mntnamespace can concurrently be freed after an...

0.00156EPSS
Exploits0References4
Rows per page
Query Builder