9928 matches found

RedhatCVE
added 2026/05/05 6:37 p.m., 3 views

CVE-2026-6951

A flaw was found in simple-git. A remote attacker could exploit this vulnerability by providing specially crafted input to the options argument, bypassing a previous security fix. This incomplete fix allows an attacker to enable certain protocol extensions, which could lead to remote code executi...

CVSS 9.8, AI score 6, EPSS 0.00213
Exploits: 1, References: 6

OSV
added 2026/05/05 6:30 p.m., 4 views

CLSA-2026-1778005827 git: Fix of CVE-2025-46835

CVE-2025-46835: fix Git GUI from creating and overwriting arbitrary files when editing a file in a maliciously crafted repository directory...

CVSS 8.5, AI score 5.9, EPSS 0.00037
Exploits: 0, References: 1

Veracode
added 2026/05/05 9:51 a.m., 6 views

Remote Code Execution (RCE)

simple-git is vulnerable to Remote Code Execution (RCE). The vulnerability is due to incomplete validation of command options allowing the --config form to bypass restrictions, which allows an attacker to inject malicious options and execute arbitrary code...

CVSS 9.8, AI score 6.1, EPSS 0.00213
Exploits: 1, References: 3, Affected Software: 1

vulnersOsv
added 2026/05/05 9:31 a.m., 8 views

actix-web-opentelemetry (>=0.2.0 <=0.17.0), alopex-dataframe (=0.2.0) +197 more potentially affected by CVE-2026-43868 via thrift (>=0.0.4 <=0.17.0)

thrift CARGO version =0.0.4, =0.2.0, =0.3.0, =0.3.5, =0.3.5, =0.2.0, =0.7.0, =0.1.0, =0.1.0, =0.32.1, =0.2.1, =0.5.0 and more Source cves: CVE-2026-43868 Source advisory: OSV:GHSA-2F9F-GQ7V-9H6M...

CVSS 5.3, AI score 5.8, EPSS 0.00281
Exploits: 0

OSV
added 2026/05/05 6:49 a.m., 2 views

OPENSUSE-SU-2026:20676-1 Security update for build, product-composer

This update for build, product-composer fixes the following issues: Changes in build: - Support a new "IgnoreRebuild" config. - build-recipe-kiwi: Add support for oci containers Avoid needlessly compressing container images Detect container images based on build result file name - Fix queryrecipe...

CVSS 7.3, AI score 5.8, EPSS 0.00033
Exploits: 0, References: 2

NVD
added 2026/05/05 5:16 a.m., 6 views

CVE-2026-7812

A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack...

CVSS 7.5, EPSS 0.0212
Exploits: 0, References: 5

Cvelist
added 2026/05/05 4:15 a.m., 30 views

CVE-2026-7812 54yyyu code-mcp MCP Tool server.py git_operation command injection

A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack...

CVSS 7.5, EPSS 0.0212
Exploits: 0, References: 5

CVE
added 2026/05/05 4:15 a.m., 8 views

CVE-2026-7812

CVE-2026-7812 describes a remote command injection in 54yyyu code-mcp MCP Tool. The vulnerability affects the function git_operation in src/code_mcp/server.py, exploitable by manipulating the operation argument. An exploit has been published, and the attack can be initiated remotely with low comp...

CVSS 7.5, AI score 6.8, EPSS 0.0212
Exploits: 0, References: 5

Vulnrichment
added 2026/05/05 4:15 a.m., 4 views

CVE-2026-7812 54yyyu code-mcp MCP Tool server.py git_operation command injection

A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack...

CVSS 7.5, AI score 6.8, EPSS 0.0212
Exploits: 0, References: 5

ATTACKERKB
added 2026/05/05 4:15 a.m., 4 views

CVE-2026-7812

A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack...

CVSS 7.5, AI score 6.8, EPSS 0.0212
Exploits: 0, References: 5

Fedora
added 2026/05/05 12:55 a.m., 5 views

[SECURITY] Fedora 44 Update: rust-sequoia-git-0.6.0-1.fc44

A tool for managing and enforcing a commit signing policy...

AI score 5.8
Exploits: 0

Positive Technologies
added 2026/05/05 12:00 a.m., 7 views

PT-2026-37362

These are all security issues fixed in the cf-cli-8.18.3+git.0.83ce51d9c-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 7.1, EPSS 0.00019
Exploits: 2, References: 2

Tenable Nessus
added 2026/05/05 12:00 a.m., 3 views

Fedora 42 : rust-sequoia-git (2026-6f64d2e143)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6f64d2e143 advisory. Update to version 0.6.0. Addresses RUSTSEC-2026-0109. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

AI score 5.8
Exploits: 0, References: 1

Tenable Nessus
added 2026/05/05 12:00 a.m., 3 views

Fedora 44 : rust-sequoia-git (2026-0a72408e1b)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0a72408e1b advisory. Update to version 0.6.0. Addresses RUSTSEC-2026-0109. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

AI score 5.8
Exploits: 0, References: 1

Tenable Nessus
added 2026/05/05 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-6951

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for CVE-2022-25912 that blocks the -c opti...

CVSS 9.8, AI score 6.5, EPSS 0.00213
Exploits: 1, References: 2

Tenable Nessus
added 2026/05/05 12:00 a.m., 2 views

Fedora 43 : rust-sequoia-git (2026-95ac9001e8)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-95ac9001e8 advisory. Update to version 0.6.0. Addresses RUSTSEC-2026-0109. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

AI score 5.8
Exploits: 0, References: 1

Positive Technologies
added 2026/05/05 12:00 a.m., 6 views

PT-2026-38894

Summary attachments: pocs.zip Submodule names coming from .gitmodules are exposed as unvalidated names and are later reused to derive the submodule git directory as: /modules/ Because the submodule name is joined directly as a filesystem path component, a name such as ../../../escaped-target.git...

CVSS 8.7, AI score 5.9
Exploits: 0, References: 3

Oracle linux
added 2026/05/05 12:00 a.m., 12 views

kernel security update

6.12.0-124.55.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...

CVSS 9.8, AI score 6.2, EPSS 0.02194
Exploits: 226

CNNVD
added 2026/05/05 12:00 a.m., 8 views

Code-MCP Injection Vulnerability

Code-MCP is an AI-integrated tool for terminal and file operations developed by Steven Yu. Code-MCP has a vulnerability that stems from the operation of the MCP Tool component in the git_operation function located in the src/code_mcp/server.py file. This vulnerability may lead to command injection...

CVSS 7.5, AI score 7.1, EPSS 0.0212
Exploits: 0, References: 2

Positive Technologies
added 2026/05/05 12:00 a.m., 7 views

PT-2026-38895

Summary Submodule name validation bypass plus missing validation in production code paths allows path traversal via crafted .gitmodules. Combined with a trust inheritance flaw in Submodule::open, this enables reading arbitrary git repository configs including credentials from traversed paths with...

CVSS 7.5, AI score 6
Exploits: 0, References: 3