9929 matches found
CVE-2026-30461
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution RCE vulnerability via the /controllers/Installer.php and the function addgitsubmodule...
Security Bulletin: Go-getter may allow to arbitrary filesystem reads through git operations
Summary HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and...
SUSE-SU-2026:1411-1 Security update for terraform-provider-local, terraform-provider-random, terraform-provider-tls
This update for terraform-provider-local, terraform-provider-random, terraform-provider-tls fixes the following issue: - CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data integrity values for .pack and .idx files that can lead to the consumption of corrupted files...
CLSA-2026-1776336504 git-lfs: Fix of CVE-2026-25679
Rebuild with Go 1.25.8 to fix Go standard library CVE - CVE-2026-25679: reject invalid IPv6 host literals in net/url.Parse to prevent URL validation bypass...
EUVD-2026-23161
radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...
PT-2026-33247
radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...
PYSEC-2026-154
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...
PYSEC-2026-154
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...
CVE-2026-33435
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...
EUVD-2026-22976
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution RCE vulnerability via the /controllers/Installer.php and the function addgitsubmodule...
CVE-2026-32631
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses a...
CVE-2026-33435
Weblate: Remote code execution during project backup restoration in versions prior to 5.17 due to backups not filtering Git/Mercurial config files. Fixed in 5.17. Remediation: upgrade to 5.17+ or restrict access to backups (backups are only accessible to users who can create projects).
CVE-2026-33435 Weblate: Remote code execution during backup restoration
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...
CVE-2026-32631 Git for Windows: `git clone` from manipulated repositories can leak NTLM hashes to arbitrary servers
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses a...
CVE-2026-32631 Git for Windows: `git clone` from manipulated repositories can leak NTLM hashes to arbitrary servers
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses a...
EUVD-2026-22991
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses a...
CVE-2026-32631
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses a...
CVE-2026-32631
Git for Windows prior to 2.53.0.windows.3 is affected by an information disclosure vulnerability where an attacker can induce a user to clone a malicious repository or checkout a malicious branch that communicates with an attacker-controlled server, allowing extraction of the user’s NTLM hash. Th...
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one i...
CVE-2026-30461
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution RCE vulnerability via the /controllers/Installer.php and the function addgitsubmodule...