Lucene search
K

3188 matches found

NVD
NVD
added yesterday6 views

CVE-2026-59702

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...

9.3CVSS
Exploits0References4
NVD
NVD
added yesterday5 views

CVE-2026-59703

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-42298

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...

9.3CVSS6.1AI score
Exploits0References4
Cvelist
Cvelist
added yesterday9 views

CVE-2026-59703 repomix - Local File Inclusion via file:// URL Scheme in Git Clone Endpoint

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS
Exploits0References4
CVE
CVE
added yesterday11 views

CVE-2026-59703

repomix is affected by a local file inclusion vulnerability in the git clone endpoint. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts does not block file:// URLs, allowing an unauthenticated user to supply file:// scheme URLs that bypass validation and are passed to git clone, ...

8.7CVSS6.1AI score
Exploits0References4
EUVD
EUVD
added yesterday3 views

EUVD-2026-42273

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS6.1AI score
Exploits0References4
Nuclei
Nuclei
added yesterday41 views

WordPress WP Clone <= 2.4.2 - Database Backup Exposure

Clone WordPress plugin 2.4.3 contains a buffer overflow caused by storing in-progress backup information in publicly accessible buffer files at a static file path, letting attackers access sensitive backup data, exploit requires no special privileges id: CVE-2023-6750 info: name: WordPress WP Clo...

7.5CVSS7.3AI score0.01961EPSS
Exploits2References3
Nuclei
Nuclei
added 2 days ago104 views

cgit < 1.2.1 - Directory Traversal

cGit 1.2.1 via cgitcloneobjects has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. id: CVE-2018-14912 info: name: cgit 1.2.1 - Directory Traversal author: 0xAkoko severity: high description: cGit...

7.5CVSS7.1AI score0.93188EPSS
Exploits7References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in jsonschemavalidation (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eae82aa94c358f1f00f8a12e8b583cee82efdcf09d2f80263e6851ac0fec98f3 The PyPI project jsonschemavalidation builds a wheel whose installed top-level package is literally jsonschema tool.hatch.build.targets.wheel package...

6.1AI score
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-41996

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an...

9.9CVSS5.9AI score0.00247EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 2:16 p.m.5 views

CVE-2026-53341

In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked -mntns read in maydecodefh maydecodefh accesses mount::mntns without holding any locks; that means the mount can concurrently be unmounted, and the mntnamespace can concurrently be freed after an...

0.00156EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 7:16 a.m.9 views

CVE-2026-13540

A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery. The attack i...

6.5CVSS0.00227EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:45 a.m.6 views

CVE-2026-13540

A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery. The attack i...

6.5CVSS6.2AI score0.00227EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/29 5:45 a.m.9 views

EUVD-2026-40038

A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery. The attack i...

6.5CVSS5.5AI score0.00227EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/29 5:45 a.m.31 views

CVE-2026-13540 GitBucket RepositoryCreationService.scala Git.cloneRepository.setURI server-side request forgery

A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery. The attack i...

6.5CVSS0.00227EPSS
Exploits0References8
CVE
CVE
added 2026/06/29 5:45 a.m.17 views

CVE-2026-13540

GitBucket up to 4.46.1 is affected by a vulnerability in Git.cloneRepository.setURI (RepositoryCreationService.scala) that allows server-side request forgery when the argument url is manipulated. This can be exploited remotely. An exploit has been released publicly. The patch identified is 487a9b...

6.5CVSS6.2AI score0.00227EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 12:0 a.m.3 views

ALSA-2026:33226 Moderate: glibc security, bug fix, and enhancement update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

9.8CVSS5.9AI score0.00451EPSS
Exploits1References4
OSV
OSV
added 2026/06/28 9:50 p.m.10 views

MAL-2026-6561 Malicious code in skillspector (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c77584b4e40db9023ca0b8a90fa1bd611c859ed486f99ca3a7c9a83dbfa9877 This package presents itself as a redistribution of NVIDIA/skillspector pyproject Homepage points to github.com/NVIDIA/skillspector and the source...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 9:50 p.m.10 views

Malicious code in skillspector (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c77584b4e40db9023ca0b8a90fa1bd611c859ed486f99ca3a7c9a83dbfa9877 This package presents itself as a redistribution of NVIDIA/skillspector pyproject Homepage points to github.com/NVIDIA/skillspector and the source...

5.9AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-52973

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - futex: Drop CLONETHREAD requirement for private default hash alloc Currently needfutexhashallocatedefault depends on strict pthread semantics, abusing...

7.8CVSS6AI score0.00128EPSS
Exploits0References3
Rows per page
Query Builder