Lucene search
K

63 matches found

EUVD
EUVD
β€’added 2026/07/02 5:50 p.m.β€’12 views

EUVD-2026-36195

Dulwich's submodule path traversal in porcelain.submoduleupdate / porcelain.clonerecursesubmodules=True yields RCE via attacker-dropped .git/hooks payload...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References3
OSV
OSV
β€’added 2026/07/02 5:50 p.m.β€’7 views

GHSA-GFHV-VQV2-4544 Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload

Summary dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted upstream repository without path validation. A malicious .gitmodules plus a matching tree gitlink whose path is .git/hooks or any...

7.5CVSS6.4AI score0.00448EPSS
Exploits0References4
CVE
CVE
β€’added 2026/06/24 8:33 p.m.β€’24 views

CVE-2026-52813

CVE-2026-52813 (Gogs) involves a path traversal flaw in organization names that contain ../ sequences, causing writes to arbitrary filesystem paths. The root cause is insufficient sanitization in internal/database/org.go (and related repo path logic), enabling an attacker to nest Git repositories...

10CVSS6.1AI score0.01107EPSS
In wildExploits0References4
OSV
OSV
β€’added 2026/06/23 5:10 p.m.β€’4 views

GHSA-C39W-43GM-34H5 Gogs has Path Traversal in organization name that results in RCE through Git hooks

Summary Organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem. By creating nested structure of...

10CVSS6.1AI score0.01107EPSS
Exploits0References5
Github Security Blog
Github Security Blog
β€’added 2026/06/23 5:10 p.m.β€’12 views

Gogs has Path Traversal in organization name that results in RCE through Git hooks

Summary Organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem. By creating nested structure of...

10CVSS6.1AI score0.01107EPSS
Exploits0References5Affected Software1
CVE
CVE
β€’added 2026/06/17 2:8 p.m.β€’23 views

CVE-2026-55743

OpenHuman desktop agent (before 0.54.0, fixed in 0.56.0) contains two policy flaws in src/openhuman/security/policy.rs that bypass the shell allowlist, enabling remote code execution via indirect prompt injection. First, is_args_safe() blocks -exec and -ok while not blocking -execdir/-okdir (whic...

9.6CVSS6.7AI score0.00704EPSS
Exploits0References3
SUSE CVE
SUSE CVE
β€’added 2026/06/12 2:25 a.m.β€’10 views

SUSE CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.7AI score0.00448EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
β€’added 2026/06/11 12:0 a.m.β€’14 views

Linux Distros Unpatched Vulnerability : CVE-2026-52726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5,...

9CVSS7.5AI score0.25334EPSS
Exploits32References4
NVD
NVD
β€’added 2026/06/10 11:16 p.m.β€’25 views

CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS0.00448EPSS
Exploits0References2
Snyk
Snyk
β€’added 2026/06/10 11:12 p.m.β€’7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the porcelain.submoduleupdate module when handling attacker-controlled submodule paths from a crafted upstream repository without proper path validation. An attacker can achieve arbitrary code execution by crafti...

8.3CVSS6.1AI score0.00448EPSS
Exploits0References2
Debian CVE
Debian CVE
β€’added 2026/06/10 10:13 p.m.β€’9 views

CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.8AI score0.00448EPSS
Exploits0
Vulnrichment
Vulnrichment
β€’added 2026/06/10 10:13 p.m.β€’8 views

CVE-2026-52726 Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References2
Cvelist
Cvelist
β€’added 2026/06/10 10:13 p.m.β€’31 views

CVE-2026-52726 Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS0.00448EPSS
Exploits0References2
CVE
CVE
β€’added 2026/06/10 10:13 p.m.β€’26 views

CVE-2026-52726

Technical details about CVE-2026-52726 are not publicly provided in the supplied documents; monitor for updates.

7.5CVSS5.8AI score0.00448EPSS
Exploits0References2
OSV
OSV
β€’added 2026/06/10 10:13 p.m.β€’5 views

CVE-2026-52726 Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS6.2AI score0.00448EPSS
Exploits0References4
Positive Technologies
Positive Technologies
β€’added 2026/06/10 12:0 a.m.β€’22 views

PT-2026-48568

πŸ”΄ CVE-2026-52726 is being exploited for RCE: attackers can drop malicious .git/hooks payloads via Dulwich's submodule path traversal flaw. This bypasses standard protections. Patch immediately to prevent full compromise. NerdieNews CyberSecurity Vulnerability https://t.co/tIoG1l3nqd...

7.5CVSS5.4AI score0.00448EPSS
Exploits0References12
CNNVD
CNNVD
β€’added 2026/06/10 12:0 a.m.β€’20 views

Dulwich θ·―εΎ„ιεŽ†ζΌζ΄ž

Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich from 0.23.2 to 1.2.5 contained a path traversal vulnerability. This vulnerability stemmed from the porcelain.submoduleupdate method not verifying the submodule paths properly. As a...

7.5CVSS5.6AI score0.00448EPSS
Exploits0References1
Snyk
Snyk
β€’added 2026/06/02 9:0 p.m.β€’9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8CVSS5.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
β€’added 2026/05/08 12:0 a.m.β€’26 views

Linux Distros Unpatched Vulnerability : CVE-2026-44244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser...

7.8CVSS7.2AI score0.00237EPSS
Exploits1References3
HackRead
HackRead
β€’added 2026/04/29 9:1 a.m.β€’21 views

Cursor AI IDE vulnerability allows code execution via hidden Git hooks

Novee researchers find high-severity CVE-2026-26268 flaw in Cursor AI, allowing hackers to run malicious code when developers clone repositories...

9.9CVSS5.3AI score0.0049EPSS
Exploits0
Rows per page
Query Builder