Microsoft Visual Studio Products (April 2026)

The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by an information disclosure vulnerability: - It is possible to obtain a user's NTLM hash by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the UpdateRepoFile function. An attacker can execute arbitrary system commands by updating files within the .git directory remotely via API router. This vulnerability is a bypass for the one addressed in...

MiracleLinux 7 : git-1.8.3.1-21.el7 (AXSA:2020-4429:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-4429:01 advisory. git: Remote code execution in recursive clones with nested submodules CVE-2019-1387 Tenable has extracted the preceding description block directly from the...

CVE-2025-58763 Tautulli vulnerable to Authenticated Remote Code Execution via Command Injection

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with administrative privileges to obtain remote code execution on the application server. This vulnerability requires the application to...

UBUNTU-CVE-2024-6257

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...