Lucene search
K

4 matches found

EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-42273

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS6.1AI score
Exploits0References5
Cvelist
Cvelist
added 2 hours ago8 views

CVE-2026-59703 repomix - Local File Inclusion via file:// URL Scheme in Git Clone Endpoint

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/12/10 12:0 a.m.4 views

PT-2021-23007 · Snipe-It · Snipe-It

Name of the Vulnerable Software and Affected Versions: snipe-it versions prior to 5.3.4 Description: The issue is related to Improper Access Control. Regular users with DENY set to all models permissions can still view model information via the "/models/id/clone" endpoint due to no authorize'view...

4.3CVSS4.2AI score0.00697EPSS
Exploits1References7
Huntr
Huntr
added 2021/12/09 4:42 a.m.31 views

Improper Access Control in snipe/snipe-it

Description Regular users with DENY set to all models permissions can still view model information via the /models/id/clone endpoint due to no authorize'view' permission being set. Proof of Concept 1: Create regular user and set DENY to all permissions in asset models. 2: Login as the user 3:...

4CVSS2.3AI score0.00697EPSS
Exploits1
Rows per page
Query Builder