Lucene search

10044 matches found

Cvelist
added 2026/02/19 2:25 a.m. | 29 views

CVE-2026-25232 Gogs has a Protected Branch Deletion Bypass in Web Interface

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

CVSS 7.1 | EPSS 0.00016
Exploits: 1 | References: 4

CNNVD
added 2026/02/19 12:0 a.m. | 6 views

Gogs Security Vulnerability

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.4 and earlier have security vulnerabilities; these...

CVSS 9.8 | AI score 6 | EPSS 0.001
Exploits: 1 | References: 4

CNNVD
added 2026/02/19 12:0 a.m. | 3 views

Gogs Security Vulnerability

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.4 and earlier have security vulnerabilities. These...

CVSS 5.1 | AI score 5.8 | EPSS 0.00017
Exploits: 1 | References: 2

OSV
added 2026/02/17 6:9 p.m. | 5 views

GO-2026-4448 Gogs's update .git/config file allows remote command execution in gogs.io/gogs

Gogs's update .git/config file allows remote command execution in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, plea...

CVSS 9.8 | AI score 5.9 | EPSS 0.00269
Exploits: 3 | References: 3

OSV
added 2026/02/17 6:9 p.m. | 7 views

GO-2026-4453 Gogs has arbitrary file read/write via Path Traversal in Git hook editing in gogs.io/gogs

Gogs has arbitrary file read/write via Path Traversal in Git hook editing in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CVSS 6.5 | AI score 5.8 | EPSS 0.00035
Exploits: 1 | References: 4

Rosalinux
added 2026/02/16 7:14 a.m. | 14 views

Advisory ROSA-SA-2026-3145

Software: git 2.43.5; OS: ROSA Virtualization 3.1; unaffected versions = git-2.43.5-3.rv31; affected versions git-2.43.5-3.rv31; CVE-ID: CVE-2023-25652; BDU-ID: 2023-03859; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the Git distributed version control system is related to flaws in the directory path...

CVSS 9 | AI score 7.6 | EPSS 0.82951
Exploits: 37

Rosalinux
added 2026/02/16 7:8 a.m. | 10 views

Advisory ROSA-SA-2026-3140

Software: git 2.43.5; OS: ROSA Virtualization 3.0; unaffected versions = git-2.43.5-3.rv30; affected versions git-2.43.5-3.rv30; CVE-ID: CVE-2023-25652; BDU-ID: 2023-03859; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the Git distributed version control system is related to flaws in the directory path...

CVSS 9 | AI score 7.6 | EPSS 0.82951
Exploits: 37

Rosalinux
added 2026/02/16 7:7 a.m. | 10 views

Advisory ROSA-SA-2026-3135

Software: git 2.43.5; OS: ROSA Virtualization 2.1; unaffected versions = git-2.43.5-3.rv3; affected versions git-2.43.5-3.rv3; CVE-ID: CVE-2023-25652; BDU-ID: 2023-03859; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the Git distributed version control system is related to flaws in the directory path na...

CVSS 9 | AI score 7.5 | EPSS 0.82951
Exploits: 37

RedhatCVE
added 2026/02/14 7:22 p.m. | 5 views

CVE-2026-26268

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

CVSS 9.9 | AI score 5.7 | EPSS 0.00022
Exploits: 0 | References: 1

GithubExploit
added 2026/02/14 1:41 p.m. | 269 views

Exploit for OS Command Injection in Gitea

Gitea Git Hooks RCE CVE-2020-14144 OffsecProvingGrounds P...

CVSS 7.2 | AI score 5.8 | EPSS 0.93529
Exploits: 12

NVD
added 2026/02/13 5:16 p.m. | 3 views

CVE-2026-26268

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

CVSS 9.9 | EPSS 0.00022
Exploits: 0 | References: 1

OSV
added 2026/02/13 4:54 p.m. | 1 views

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

CVSS 8 | AI score 6 | EPSS 0.00022
Exploits: 0 | References: 3

CVE
added 2026/02/13 4:54 p.m. | 17 views

CVE-2026-26268

Cursor code editor contains a sandbox-escape vulnerability: prior to v2.5, a malicious agent could write to protected .git settings (including hooks), enabling out-of-sandbox RCE on next trigger without user interaction. Affected versions are before 2.5; fix is in 2.5. CVSSv3.1 metrics indicate h...

CVSS 9.9 | AI score 5.7 | EPSS 0.00022
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/02/13 4:54 p.m. | 27 views

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

CVSS 8 | EPSS 0.00022
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/13 4:54 p.m. | 3 views

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

CVSS 8 | AI score 5.7 | EPSS 0.00022
Exploits: 0 | References: 1

Tenable Nessus
added 2026/02/13 12:0 a.m. | 2 views

n8n Node.js Package < 1.123.10 / 2.x < 2.5.0 OS Command Injection (CVE-2026-25053)

The version of the n8n Node.js Package installed on the remote host is prior to 1.123.10, or 2.x prior to 2.5.0. It is, therefore, affected by a command injection vulnerability: - Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute...

CVSS 9.9 | AI score 6.2 | EPSS 0.00031
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/13 12:0 a.m. | 2 views

PT-2026-8013

Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 2.5. Description: A sandbox escape allows for remote code execution (RCE) when the AI agent autonomously performs Git operations. A malicious actor can hide scripts within hidden Git hooks in nested bare repositories or us...

CVSS 9.9 | AI score 6.8 | EPSS 0.00022
Exploits: 0 | References: 39

SUSE CVE
added 2026/02/12 12:25 a.m. | 3 views

SUSE CVE-2026-25934

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

CVSS 4.3 | AI score 5.6 | EPSS 0.00007
Exploits: 0 | References: 5

Tenable Nessus
added 2026/02/12 12:0 a.m. | 5 views

MiracleLinux 8 : git-lfs-3.4.1-7.el8_10 (AXSA:2026-164:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-164:01 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 Tenable has extracted the preceding...

CVSS 7.5 | AI score 5.6 | EPSS 0.00019
Exploits: 2 | References: 2

Tenable Nessus
added 2026/02/12 12:0 a.m. | 4 views

GitLab 18.0 < 18.6.6 / 18.7 < 18.7.4 / 18.8 < 18.8.4 (CVE-2025-12073)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an...

CVSS 4.3 | AI score 6 | EPSS 0.00019
Exploits: 0 | References: 5