Lucene search
+L

10443 matches found

NVD
NVD
added 8 hours ago6 views

CVE-2026-63093

Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves a...

8.8CVSS
Exploits0References3
CVE
CVE
added 9 hours ago6 views

CVE-2026-63093

CVE-2026-63093 affects Cursor for Windows 3.2.16. The issue is a binary planting vulnerability: if a malicious file named git.exe is placed in the repository root, Cursor can resolve and execute it during IDE startup and on a recurring cadence, executing with the current user’s privileges. This e...

8.8CVSS6.3AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 9 hours ago5 views

CVE-2026-63093 Cursor for Windows 3.2.16 RCE via Malicious git.exe in Workspace

Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves a...

8.8CVSS6.3AI score
Exploits0References3
Cvelist
Cvelist
added 9 hours ago9 views

CVE-2026-63093 Cursor for Windows 3.2.16 RCE via Malicious git.exe in Workspace

Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves a...

8.8CVSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago36 views

n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution

n8n versions = 0.123.0 and = 0.123.0 and = 0.123.0 and 1.121.3 contain a critical authenticated remote code execution vulnerability via arbitrary file write. An authenticated user can exploit the Git node to overwrite critical files and execute untrusted code on the n8n server, potentially leadin...

9.9CVSS9.7AI score0.05258EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago101 views

Jenkins Git <=4.11.3 - Missing Authorization

Jenkins Git plugin through 4.11.3 contains a missing authorization check. An attacker can trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. This can make it possible to obtain sensitive information, modify...

7.5CVSS6.5AI score0.05563EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 23 hours ago5 views

PT-2026-60775

Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves a...

8.8CVSS6.3AI score
Exploits0References3
NVD
NVD
added yesterday6 views

CVE-2026-53535

Activepieces is an open source AI workflow automation platform. Prior to 0.82.0, the git-sync feature clones a user-configured Git repository into a temporary directory on the server and then writes flow, table, and connection state into it before pushing back, and two separate weaknesses allowed...

5.9CVSS
Exploits0References4
CVE
CVE
added yesterday10 views

CVE-2026-53535

Activepieces prior to 0.82.0 is affected by an arbitrary file write in the git-sync workflow. The issue occurs because git-sync clones a configured repository into a temporary server directory with Git’s symbolic-link handling enabled, allowing symlinks to redirect writes. Additionally, on-disk i...

5.9CVSS6.3AI score
Exploits0References4
Cvelist
Cvelist
added yesterday33 views

CVE-2026-53535 Activepieces: Arbitrary file write in git-sync via path traversal and symlinks

Activepieces is an open source AI workflow automation platform. Prior to 0.82.0, the git-sync feature clones a user-configured Git repository into a temporary directory on the server and then writes flow, table, and connection state into it before pushing back, and two separate weaknesses allowed...

5.9CVSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-38974

A flaw was found in Dulwich. The contrib/paramikovendor.py component is missing Secure Shell SSH host key verification. This vulnerability allows a remote attacker to impersonate a legitimate Git server. By doing so, the attacker could potentially intercept sensitive information or execute...

8.8CVSS6.3AI score0.00145EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday90 views

Gogs 0.5.5 - 0.12.2 - Remote Code Execution

Gogs 0.5.5 through 0.12.2 is susceptible to authenticated remote code execution via the git hooks functionality. There can be a privilege escalation if access to this feature is granted to a user who does not have administrative privileges. NOTE: Since this is mentioned in the documentation but n...

7.2CVSS7.3AI score0.87153EPSS
Exploits4References4
NVD
NVD
added 2 days ago6 views

CVE-2026-49987

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS0.00697EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-49987 Repomix: Command Injection (RCE) via `--remote-branch` Argument Injection

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS0.00697EPSS
Exploits0References3
OSV
OSV
added 2 days ago4 views

CVE-2026-49987 Repomix: Command Injection (RCE) via `--remote-branch` Argument Injection

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS6.2AI score0.00697EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2 days ago4 views

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, video...

7.5CVSS7AI score0.00813EPSS
Exploits0
OSV
OSV
added 2 days ago4 views

RLSA-2026:39272 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME...

7.5CVSS7AI score0.00813EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2 days ago6 views

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, videos...

7.5CVSS7AI score0.00813EPSS
Exploits0
OSV
OSV
added 2 days ago4 views

RLSA-2026:39319 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME...

7.5CVSS7AI score0.00813EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2 days ago5 views

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, videos...

7.5CVSS7AI score0.00813EPSS
Exploits0
Rows per page
Query Builder