Lucene search
K

388 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-44936

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo...

5CVSS0.0037EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-44936

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo...

5CVSS6AI score0.0037EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41863

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo...

5CVSS6AI score0.0037EPSS
Exploits0References1
NVD
NVD
added 4 days ago10 views

CVE-2026-14722

A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from...

7.5CVSS0.00315EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-14722 tiddly-gittly TidGi-Desktop Git Repository Import loadWikiTiddlersWithSubWikis.ts code injection

A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from...

7.5CVSS0.00315EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-14722

A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from...

7.5CVSS6.7AI score0.00315EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-41735

A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from...

7.5CVSS6.7AI score0.00315EPSS
Exploits0References6
CVE
CVE
added 4 days ago14 views

CVE-2026-14722

TidGi-Desktop (tiddly-gittly) up to 0.13.0 is affected by a vulnerability in the Git Repository Import path, specifically src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts, enabling code injection. The issue is triggered by manipulation of the referenced function and is exploitable rem...

7.5CVSS6.7AI score0.00315EPSS
Exploits0References6
OSV
OSV
added 2026/07/01 8:45 p.m.3 views

GHSA-HX4V-CXPF-VH8M Rancher Fleet has SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml

Impact A vulnerability has been identified in Fleet when the helmRepoURLRegex field isn't set on a GitRepo resource. Fleet's bundle reader forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo field of a fleet.yaml file. An attacker with git push access to a...

5CVSS5.8AI score0.0037EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 8:45 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the helm.repo process when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can cause the system to forward Helm authentication...

5.3CVSS6.1AI score0.0037EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 8:45 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the helm.repo process when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can cause the system to forward Helm authentication...

5.3CVSS6.1AI score0.0037EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 8:45 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the helm.repo process when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can cause the system to forward Helm authentication...

5.3CVSS6.1AI score0.0037EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-55202

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 0.15.2 Fleet versions prior to 0.14.6 Fleet versions prior to 0.13.11 Fleet versions prior to 0.12.15 Description An issue exists when the webhook endpoint is configured without a secret, allowing unauthenticated...

8.3CVSS5.9AI score0.00496EPSS
Exploits0References6
CVE
CVE
added 2026/06/30 3:12 p.m.10 views

CVE-2026-44948

CVE-2026-44948 describes a path traversal vulnerability in Rancher Fleet’s ImageScan subsystem, specifically in the GitRepo Path Handler. Affected versions are Rancher Fleet 0.12.0–0.12.16, 0.13.0–0.13.12, 0.14.0–0.14.7, and 0.15.0–0.15.3. The issue allows traversal outside the intended directory...

5.3CVSS5.7AI score0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 4:41 p.m.27 views

CVE-2026-55487 pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator...

7.5CVSS0.00118EPSS
Exploits1References1
OSV
OSV
added 2026/06/24 11:4 p.m.8 views

MAL-2026-6423 Malicious code in leo-connector-elasticsearch (npm)

The leo-connector-elasticsearch npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6AI score
Exploits0References3
NVD
NVD
added 2026/06/24 6:17 p.m.8 views

CVE-2026-48719

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...

8CVSS0.00948EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 3:55 p.m.14 views

EUVD-2026-38486

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator...

8.9CVSS5.9AI score0.00331EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/20 4:43 p.m.7 views

CVE-2026-5366

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commitsha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

9.9CVSS6.8AI score0.00874EPSS
Exploits3References2
CVE
CVE
added 2026/06/20 4:43 p.m.59 views

CVE-2026-5366

CVE-2026-5366 affects Prefect v3.6.23, where the vulnerability resides in the GitRepository storage class. The commit_sha parameter passed to git commands lacks validation and does not use a -- separator, enabling an attacker to inject git flags (e.g., --upload-pack) and potentially execute arbit...

9.9CVSS8.1AI score0.00874EPSS
Exploits3References1Affected Software1
Rows per page
Query Builder