CVE-2026-4496 sigmade Git-MCP-Server gitUtils.ts child_process.exec os command injection

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function childprocess.exec of the file src/gitUtils.ts of the component showmergediff/quickmergesummary/showfilediff. The manipulation results in os command...

CVE-2026-4496

Sigmade Git-MCP-Server (up to commit 785aa159f262a02d5791a5d8a8e13c507ac42880) is affected. The vulnerability resides in the function child_process.exec in src/gitUtils.ts (component show_merge_diff/quick_merge_summary/show_file_diff) and allows local OS command injection. The attack requires loc...

CVE-2026-4496

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function childprocess.exec of the file src/gitUtils.ts of the component showmergediff/quickmergesummary/showfilediff. The manipulation results in os command...

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and...

PT-2026-26662

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function child process.exec of the file src/gitUtils.ts of the component show merge diff/quick merge summary/show file diff. The manipulation results in os...

Git MCP Server 操作系统命令注入漏洞

Git MCP Server is an MCP server developed by Casey Hand individually. Git MCP Server has a vulnerability related to operating system command injection. This vulnerability stems from the use of the childprocess.exec function in the file gitUtils.ts, which contains commands like...

PT-2026-26490

Name of the Vulnerable Software and Affected Versions Soft Serve versions prior to 0.11.6 Description An authorization flaw exists in the repo import functionality, allowing any authenticated SSH user to clone server-local Git repositories, including private repositories belonging to other users,...

CVE-2026-32698

OpenProject contains a SQL injection via a custom field name in Cost Reports in versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1. The injected field name can be processed by the SQL query, enabling arbitrary SQL execution. The issue is compounded by another bug in the Repositories_module that...

Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod

Summary The Tekton Pipelines git resolver is vulnerable to path traversal via the pathInRepo parameter. A tenant with permission to create ResolutionRequests e.g. by creating TaskRuns or PipelineRuns that use the git resolver can read arbitrary files from the resolver pod's filesystem, including...

GHSA-J5Q5-J9GM-2W5C Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod

Summary The Tekton Pipelines git resolver is vulnerable to path traversal via the pathInRepo parameter. A tenant with permission to create ResolutionRequests e.g. by creating TaskRuns or PipelineRuns that use the git resolver can read arbitrary files from the resolver pod's filesystem, including...

curl: Exposed .git/config File Leading to Potential Sensitive Information Disclosure

Summary: The .git/config file is publicly accessible on the target server, which may expose sensitive repository configuration details. This indicates that the .git directory is improperly exposed, potentially allowing attackers to reconstruct the entire source code repository and extract sensiti...

[SECURITY] Fedora 44 Update: forgejo-14.0.3-1.fc44

Forgejo pronounced /for=CB=88d=CD=A1=CA=92e.jo/ is a lightweight software f orge. Use it to host git repositories, track their issues and allow people to contribute to them!...

OpenProject SQL注入漏洞

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 have a SQL injection vulnerability. This vulnerability arises from custom field names not being properly cleaned in SQL queries, which can allow SQL injection...

PT-2026-26214

Name of the Vulnerable Software and Affected Versions Tekton Pipelines versions 1.0.0 through 1.10.0...

EUVD-2026-12107

In Bun before 1.3.5, the default trusted dependencies list aka trust allow list can be spoofed by a non-npm package in the case of a matching name for file, link, git, or github...

CVE-2026-4198

A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...

Ubuntu: Security Advisory (USN-8088-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MCP Server to Auto commit changes 命令注入漏洞

MCP Server to Auto commit Changes is an AI tool developed by Hypermodel Inc for automatically generating Git commit messages. Version 1.0.0 of MCP Server to Auto commit Changes contains a command injection vulnerability. This vulnerability stems from incorrect operations on the getGitChanges...

CVE-2026-4198 hypermodel-labs mcp-server-auto-commit index.ts getGitChanges command injection

A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...

Exploit for CVE-2025-48757

🛡️ Supabase Sentinel A Claude Skill that audits your Supaba...