26 matches found
CVE-2026-52806
Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...
CVE-2026-48719
Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...
CVE-2026-48719 Warp branch selector command injection via Git branch names
Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...
EUVD-2026-39001
Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...
CVE-2026-48719
Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...
PT-2026-48391
Name of the Vulnerable Software and Affected Versions Warp versions 0.2025.08.06.08.12.stable 00 through 0.2026.05.06.15.41.stable 01 Description A command injection exists in the prompt branch selector. An attacker who publishes a crafted branch name to a Git repository can execute arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2026-27113
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit...
CVE-2026-27113
Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...
CVE-2026-27113
Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...
UBUNTU-CVE-2026-27113
Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...
CVE-2026-27113
Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...
CVE-2026-27113
CVE-2026-27113 concerns Liquid Prompt (bash/zsh prompt helper). The vulnerability affects the master branch prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c, where arbitrary command injection can occur when a user navigates to a Git directory whose branch name contains shell syntax (e.g.,...
CVE-2026-27113 Liquid Prompt arbitrary command injection via crafted Git branch names in gitstatusd backend
Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...
CVE-2026-27113
Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...
CVE-2026-27113 Liquid Prompt arbitrary command injection via crafted Git branch names in gitstatusd backend
Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...
PT-2026-21303
Name of the Vulnerable Software and Affected Versions Liquid Prompt affected versions not specified Description Liquid Prompt, an adaptive prompt for Bash and Zsh, contains a flaw where arbitrary command injection can lead to code execution. This occurs when a user enters a directory within a Git...
CVE-2021-22196
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name...
UBUNTU-CVE-2024-35242
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are availab...
composer security vulnerability
composer is a software application. It provides a statement to manage and install dependencies for PHP projects. A security vulnerability exists in composer versions prior to 2.2.24 and 2.7.7, which stems from the fact that the composer install command run from a git/hg repository with a speciall...
composer security vulnerability
composer is a software application. It provides a declaration to manage and install dependencies of PHP projects. A security vulnerability exists in composer versions prior to 2.2.24 and 2.7.7, which stems from the ability to execute code using the status, reinstall, and remove commands, as well ...