CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

60 matches found

GitList < 0.6.0 Remote Code Execution

klaussilveira GitList version = 0.6 contains a passing incorrectly sanitized input via the searchTree function that can result in remote code execution. id: CVE-2018-1000533 info: name: GitList 0.6.0 Remote Code Execution author: pikpikcu severity: critical description: klaussilveira GitList...

9.8CVSS7.6AI score0.75859EPSS

Exploits2References5

RedhatCVE•added 2026/06/06 6:43 p.m.•13 views

CVE-2026-46390

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...

6.9CVSS5.5AI score0.0027EPSS

Exploits0References1

NVD•added 2026/06/05 7:16 p.m.•11 views

CVE-2026-46390

6.9CVSS0.0027EPSS

Exploits0References1

Cvelist•added 2026/06/05 6:16 p.m.•28 views

CVE-2026-46390 HAX CMS has Unauthenticated Git Access via User-Controlled Key

6.9CVSS0.0027EPSS

Exploits0References1

CVE•added 2026/06/05 6:16 p.m.•20 views

CVE-2026-46390

HAX CMS (PHP/Node.js backends) is affected by an unauthenticated access issue in the gitlist plugin. From version 2.0.0 up to, but not including, 26.0.0, the gitlist plugin is exposed to unauthenticated users, enabling browsing of git repositories and git history without authentication. Version 2...

6.9CVSS5.5AI score0.0027EPSS

Exploits0References1

EUVD•added 2026/06/05 6:16 p.m.•8 views

EUVD-2026-34881

6.9CVSS5.5AI score0.0027EPSS

Exploits0References1

Vulnrichment•added 2026/06/05 6:16 p.m.•9 views

CVE-2026-46390 HAX CMS has Unauthenticated Git Access via User-Controlled Key

6.9CVSS5.5AI score0.0027EPSS

Exploits0References1

ATTACKERKB•added 2026/06/05 6:16 p.m.•6 views

CVE-2026-46390

6.9CVSS5.5AI score0.0027EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/06/05 12:0 a.m.•13 views

PT-2026-47028

Name of the Vulnerable Software and Affected Versions HAX CMS versions 2.0.0 through 25.x Description The gitlist plugin is exposed to unauthenticated users, which allows them to browse git repositories and git history without authentication. Recommendations Update to version 26.0.0...

6.9CVSS5.5AI score0.0027EPSS

Exploits0References4

CNNVD•added 2026/06/05 12:0 a.m.•8 views

HAX 安全漏洞

HAX is an open-source microsite managed using HAX+CMS with a PHP backend. Versions of HAX from 2.0.0 to 26.0.0 had security vulnerabilities. These vulnerabilities stemmed from the gitlist plugin exposing unauthenticated users, allowing unauthenticated users to browse git repositories and git...

6.9CVSS5.4AI score0.0027EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2013-7158

Malware in sbrugna...

7.5CVSS6.4AI score0.08483EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2014-4922

Malware in sbrugna...

6.8CVSS6.4AI score0.03358EPSS

Exploits1References3

RedhatCVE•added 2025/05/22 6:21 a.m.•6 views

CVE-2013-7392

Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/...

7.5CVSS8AI score0.08483EPSS

Exploits1References1

Check Point Advisories•added 2021/11/28 12:0 a.m.•9 views

GitList Remote Code Execution (CVE-2018-1000533)

A remote code execution vulnerability exists in GitList. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS9.6AI score0.75859EPSS

Exploits2

Exploit DB•added 2018/07/09 12:0 a.m.•26 views

GitList 0.6.0 - Argument Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "GitList v0.6.0 Argument Injection Vulnerability", 'Description' = %q This module exploits an argument injection vulnerability in GitList v0.6.0...

7.4AI score

Exploits0

0day.today•added 2018/07/08 12:0 a.m.•64 views

GitList 0.6.0 Argument Injection Exploit

This Metasploit module exploits an argument injection vulnerability in GitList version 0.6.0. The vulnerability arises from GitList improperly validating input using the php function 'escapeshellarg'. This module requires Metasploit: https://metasploit.com/download Current source:...

0.7AI score

Exploits0

Packet Storm•added 2018/07/07 12:0 a.m.•32 views

GitList 0.6.0 Argument Injection

0.1AI score

Exploits0

Circl•added 2018/07/06 7:46 p.m.•4 views

CVE-2018-1000533

creationtimestamp| type| source ---|---|--- 2018-07-06 19:46:25+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/gitlistarginjection.rb...

9.8CVSS7.3AI score0.75859EPSS

Exploits2References1

Metasploit•added 2018/07/03 7:27 p.m.•45 views

GitList v0.6.0 Argument Injection Vulnerability

This module exploits an argument injection vulnerability in GitList v0.6.0. The vulnerability arises from GitList improperly validating input using the php function 'escapeshellarg'. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS9.7AI score0.75859EPSS

Exploits2

NVD•added 2018/06/26 4:29 p.m.•13 views

CVE-2018-1000533

klaussilveira GitList version = 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in searchTree function that can result in Execute any code as PHP user. This attack appear to be exploitable via Send POST request using search form. This vulnerability appears to...

9.8CVSS9.6AI score0.75859EPSS

Exploits2References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by