Lucene search
K

171 matches found

NVD
NVD
added 2026/06/23 5:17 p.m.7 views

CVE-2026-49465

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push...

7.7CVSS0.00495EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51386

Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.3.10 Description mise processes .tool-versions files using the Tera template engine, which includes a registered exec function that allows for arbitrary command execution. In the default non-paranoid mode,...

9.6CVSS6AI score0.00685EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.16 views

CVE-2026-46390

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...

6.9CVSS5.5AI score0.0027EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 6:16 p.m.25 views

CVE-2026-46390

HAX CMS (PHP/Node.js backends) is affected by an unauthenticated access issue in the gitlist plugin. From version 2.0.0 up to, but not including, 26.0.0, the gitlist plugin is exposed to unauthenticated users, enabling browsing of git repositories and git history without authentication. Version 2...

6.9CVSS5.5AI score0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/05 6:16 p.m.32 views

CVE-2026-46390 HAX CMS has Unauthenticated Git Access via User-Controlled Key

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...

6.9CVSS0.0027EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 6:16 p.m.9 views

EUVD-2026-34881

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...

6.9CVSS5.5AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.12 views

CVE-2026-45625

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eig...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 6:17 p.m.13 views

CVE-2026-45625

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eig...

9.9CVSS0.00387EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 5:10 p.m.43 views

CVE-2026-45625 Arcane: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eig...

9.9CVSS0.00387EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 5:10 p.m.12 views

EUVD-2026-33373

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eig...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 5:10 p.m.10 views

CVE-2026-45625 Arcane: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eig...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:10 p.m.12 views

CVE-2026-45625

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eig...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/29 5:10 p.m.26 views

CVE-2026-45625

CVE-2026-45625 (Arcane) : The huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync without admin enforcement. Eight endpoints bypass checkAdmin(ctx), allowing any authenticated user (default role: user) to list, create, modify, delete, an...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/18 1:44 p.m.14 views

Arcane Backend: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs

Summary Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eight of those endpoints list, create, get, update, delete, test, listBranches, browseFiles never...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.19 views

PT-2026-41692

Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.19.0 Description Arcane improperly exposes Git repository management endpoints to any authenticated user, allowing low-privileged accounts to modify repository configurations, exfiltrate stored Git credentials, acces...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References11
Veracode
Veracode
added 2026/05/16 5:33 a.m.7 views

Arbitrary File Read

Portainer Community Edition is vulnerable to Arbitrary File Read. The vulnerability is due to improper handling of symbolic links in Git-backed stack repositories, where symlinked stack files are created without validation and later followed during file reads, allowing authenticated attackers to...

9.9CVSS5.9AI score0.00416EPSS
Exploits2References3Affected Software1
Fedora
Fedora
added 2026/05/15 2:34 a.m.17 views

[SECURITY] Fedora 44 Update: GitPython-3.1.50-1.fc44

GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, a nd additionally allows you to access the git repository more directly using eith er a...

8.8CVSS5.8AI score0.00719EPSS
Exploits1
OSV
OSV
added 2026/05/07 7:16 p.m.3 views

UBUNTU-CVE-2026-44244

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...

7.8CVSS5.8AI score0.00237EPSS
Exploits1References3
OSV
OSV
added 2026/05/07 7:16 p.m.8 views

UBUNTU-CVE-2026-44243

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...

8.8CVSS5.7AI score0.00419EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/07 6:31 a.m.15 views

Spring Cloud Config Server Susceptible To TOCTOU Attack

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. - Spring Cloud Config 3.0.x: affected from 3.0.0 through 3.0.7 inclusive; no open-source upgrade available. -...

8.1CVSS5.2AI score0.0022EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder