10064 matches found
EUVD-2025-35593
Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories...
CVE-2025-11965
In Eclipse Vert.x versions 4.0.0 to 4.5.21 and 5.0.0 to 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them, e.g. '.git/config'...
CVE-2025-11965
The CVE-2025-11965 issue affects Eclipse Vert.x: versions 4.0.0–4.5.21 and 5.0.0–5.0.4 contain a misconfiguration in StaticHandler that fails to restrict access to hidden directories, enabling unauthorized access to files inside them (for example, .git/config). The available connected documents c...
git-bug-0.10.1-2.1 on GA media (moderate)
git-bug-0.10.1-2.1 on GA media Announcement ID: openSUSE-SU-2025:15654-1 Rating: moderate Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-47911 SUSE : 6.9...
JLSEC-2025-185 libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a...
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing you to build Git functionality into your application. Using well-crafted inputs to git_revparse_single can cause the function to enter an infinite loop, potentially causing a Denial ...
Command Injection
@anthropic-ai/claude-code is vulnerable to Command Injection. The vulnerability is due to the application executing a command templated with git config user.email at startup without validating or sanitizing the input, which allows an attacker to use a maliciously configured Git user email to...
OPENSUSE-SU-2025:15654-1 git-bug-0.10.1-2.1 on GA media
These are all security issues fixed in the git-bug-0.10.1-2.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2025-41390
An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to arbitrary code execution. An attacker can provide a malicious repository to trigger this vulnerability...
CVE-2025-41390
A flaw was found in the git functionality of TruffleHog. Scanning a specially crafted git repository copied file-for-file, such as via tar, cp, rsync or other tools, with a malicious core.fsmonitor configuration option specified in the .git/config file can cause arbitrary code execution. Mitigati...
CVE-2025-41390
An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to arbitrary code execution. An attacker can provide a malicious repository to trigger this vulnerability...
Unsafe Dependency Resolution
Overview: Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the core.fsmonitor configuration option in the .git/config file. An attacker can execute arbitrary code by convincing a user or tool to scan a specially crafted repository that contains a malicious...
CVE-2025-41390
CVE-2025-41390 concerns an arbitrary code execution in TruffleHog 3.90.2 through the Git core.fsmonitor handling. A specially crafted repository (e.g., copied file-for-file via tar/cp/rsync) can trigger execution when Git operations are invoked by tooling, due to a malicious core.fsmonitor value ...
Truffle Security Co. TruffleHog git arbitrary code execution vulnerability
Talos Vulnerability Report TALOS-2025-2243 Truffle Security Co. TruffleHog git arbitrary code execution vulnerability October 20, 2025 CVE Number CVE-2025-41390 SUMMARY An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially...