Lucene search
K

10 matches found

NVD
NVD
added 2026/06/24 9:16 p.m.9 views

CVE-2026-52806

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...

9.9CVSS0.01029EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 5:33 p.m.6 views

EUVD-2026-39001

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...

8CVSS5.8AI score0.00948EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.19 views

PT-2026-48391

Name of the Vulnerable Software and Affected Versions Warp versions 0.2025.08.06.08.12.stable 00 through 0.2026.05.06.15.41.stable 01 Description A command injection exists in the prompt branch selector. An attacker who publishes a crafted branch name to a Git repository can execute arbitrary...

8CVSS6.2AI score0.00948EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/20 10:16 p.m.5 views

CVE-2026-27113

Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...

6.3CVSS6.3AI score0.00428EPSS
Exploits0References3
OSV
OSV
added 2026/02/20 10:16 p.m.6 views

UBUNTU-CVE-2026-27113

Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...

6.3CVSS6.3AI score0.00428EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.5 views

PT-2026-21303

Name of the Vulnerable Software and Affected Versions Liquid Prompt affected versions not specified Description Liquid Prompt, an adaptive prompt for Bash and Zsh, contains a flaw where arbitrary command injection can lead to code execution. This occurs when a user enters a directory within a Git...

6.3CVSS6AI score0.00428EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/01/09 9:19 a.m.4 views

CVE-2021-22196

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name...

6.3CVSS6.7AI score0.00939EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/01 12:0 a.m.4 views

PT-2023-31945 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 16.4.3 GitLab versions 16.5 through 16.5.3 GitLab versions 16.6 through 16.6.1 Description: An issue has been discovered in GitLab that allows a malicious actor to bypass prohibited branch checks using a specially...

7.5CVSS7.2AI score0.00546EPSS
Exploits0References13
Hacker One
Hacker One
added 2022/11/28 3:59 a.m.27 views

Ian Dunn: Double evaluation in .bash_prompt of dotfiles allows a malicious repository to execute arbitrary commands

Summary Due to the improper usage of the PS1 environment variable in .bashprompt of dotfiles, a malicious repository can execute arbitrary commands when changed the current directory to it. Description The PS1 environment variable of bash supports command substitutions. For example, setting PS1 t...

1.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/04/02 12:0 a.m.5 views

PT-2021-14907 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.4 and later Description: An issue has been discovered in GitLab CE/EE, where it was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name. Recommendations: For GitLa...

6.3CVSS6AI score0.00939EPSS
Exploits0References11
Rows per page
Query Builder