Lucene search

14 matches found

Veracode
added 2026/05/16 5:10 a.m. | 6 views

OS Command Injection

@siteboon/claude-code-ui is vulnerable to OS Command Injection. The vulnerability is due to the use of execAsync with string interpolation of user-controlled Git parameters such as file, branch, message, and commit, which allows an authenticated attacker to execute arbitrary OS commands...

CVSS 9.1 | AI score 6.1 | EPSS 0.00082
Exploits 0 | References 3 | Affected Software 1
Snyk
added 2026/03/11 12:25 a.m. | 3 views

Arbitrary Command Injection

Overview: @siteboon/claude-code-ui is a web-based UI for Claude Code CLI. Affected versions of this package are vulnerable to Arbitrary Command Injection in the handling of user-supplied parameters in multiple Git-related API endpoints, including file, branch, message, and commit, which are...

CVSS 9.1 | AI score 6.1 | EPSS 0.00082
Exploits 0 | References 2
CNNVD
added 2026/02/25 12:0 a.m. | 4 views

n8n Code Injection Vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.2.0 and 1.123.8 contained a code injection vulnerability. This vulnerability stemmed from the ability of authorized authenticated users to chain-utilize the Read/Write Files from Disk node with g...

CVSS 9 | AI score 6.1 | EPSS 0.00594
Exploits 0 | References 5
Tenable Nessus
added 2025/10/09 12:0 a.m. | 4 views

AlmaLinux 10 : git (ALSA-2025:11533)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11533 advisory. git: Git does not sanitize URLs when asking for credentials interactively (CVE-2024-50349); git: Newline confusion in credential helpers can lead to...

CVSS 8.6 | AI score 8.4 | EPSS 0.01141
Exploits 11 | References 9
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2010-2546

Malware in sbrugna...

CVSS 7.5 | AI score 6 | EPSS 0.0166
Exploits 0 | References 12
RedHat Linux
added 2025/08/20 7:12 a.m. | 1 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.9 bug fix and security update

Red Hat OpenShift Container Platform release 4.19.9 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a...

CVSS 8.6 | AI score 7.6 | EPSS 0.00603
Exploits 9 | References 3
SUSE Linux
added 2025/07/23 12:48 p.m. | 2 views

Security update for salt

This update for salt fixes the following issues: Security issues fixed: CVE-2024-38822: Fixed Minion token validation (bsc1244561); CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport (bsc1244564); CVE-2024-38824: Fixed directory traversal vulnerability...

CVSS 9.6 | AI score 7.6 | EPSS 0.01164
Exploits 0 | References 52
SUSE CVE
added 2023/02/15 5:58 a.m. | 1 views

SUSE CVE-2010-2542

Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy...

CVSS 7.5 | AI score 7.5 | EPSS 0.0166
Exploits 0 | References 4
Microsoft CVE
added 2020/09/25 12:0 a.m. | 1 views

Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.

...

CVSS 7.5 | AI score 7 | EPSS 0.0166
Exploits 0
Hacker One
added 2020/08/22 7:23 a.m. | 22 views

Mail.ru: Access to git & and configuration files on backtoschool.geekbrains.ru via gitfile

Leaking sensitive application data in configuration files at backtoschool.geekbrains.ru...

AI score 3.2
Exploits 0
Hacker One
added 2020/04/10 12:4 p.m. | 73 views

BTFS: .git file accessible on remote.bittorrent.com

Hi team, I detected your .git file accessible for any unauthorized user. URL: https://remote.bittorrent.com/static/webui/.git/config HTTP/1.1 200 OK Set-Cookie: BTURT=talon-i-0837bbfadd509c546-2; path=/; domain=.utorrent.com Server: TornadoServer/2.1.1git Connection: keep-alive Content-Length: 2...

AI score 0.8
Exploits 0
Cvelist
added 2018/01/02 5:0 p.m. | 10 views

CVE-2017-1000451

fs-git is a file system like API for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

AI score 7.9 | EPSS 0.00422
Exploits 0 | References 1
OSV
added 2015/03/23 4:13 p.m. | 5 views

SUSE-SU-2015:0834-1 Security update for emacs

Emacs has been updated to fix the following issues: Several cases of insecure usage of temporary files (CVE-2014-3421, CVE-2014-3422, CVE-2014-3423, CVE-2014-3424). Use of vc-annotate for renamed files when using Git (bnc854683). Security Issues: CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-342...

CVSS 3.3 | AI score 6.3 | EPSS 0.00117
Exploits 0 | References 7
UbuntuCve
added 2010/08/11 6:47 p.m. | 22 views

CVE-2010-2542

Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy...

CVSS 7.5 | AI score 6 | EPSS 0.0166
Exploits 0 | References 1