7 matches found

Metasploit
added 2026/06/03 7:1 p.m., 89 views

Gogs Git Rebase Argument Injection RCE

This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a positional argument, causing sh -c to run after each replayed commit during the rebase. Two exploitation methods are supported: - ownrepo: The attacker...

5.9 AI score
Exploits: 0

Tenable Nessus
added 2026/04/17 12:0 a.m., 2 views

Microsoft Visual Studio Products (April 2026)

The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by an information disclosure vulnerability: - It is possible to obtain a user's NTLM hash by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an...

7.4 CVSS, 6.4 AI score, 0.00086 EPSS
Exploits: 0, References: 4

ATTACKERKB
added 2026/04/15 5:26 p.m., 1 views

CVE-2026-32631

Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses a...

7.4 CVSS, 5.8 AI score, 0.00086 EPSS
Exploits: 0, References: 6, Affected Software: 1

Positive Technologies
added 2026/04/15 12:0 a.m., 3 views

PT-2026-33110

Name of the Vulnerable Software and Affected Versions: Git for Windows versions prior to 2.53.0.windows.3. Description: Git for Windows lacks protections that prevent attackers from obtaining a user's NTLM hash. An attacker can obtain the NTLMv2 hash by tricking users into cloning a malicious...

7.4 CVSS, 6.4 AI score, 0.00086 EPSS
Exploits: 0, References: 9

HackRead
added 2026/03/30 8:53 p.m., 2 views

OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens

OpenAI Codex vulnerability allowed attackers to steal GitHub tokens via malicious branch names using hidden Unicode command injection flaw...

5.9 AI score
Exploits: 0

Github Security Blog
added 2024/06/10 9:36 p.m., 26 views

Composer has multiple command injections via malicious git/hg branch names

Impact: The composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. So this requires cloning untrusted repositories. Patches: 2.2.24 for 2.2 LTS or 2.7.7 for mainline. Workarounds: Avoid cloning potentially compromised...

8.8 CVSS, 8.8 AI score, 0.23787 EPSS
Exploits: 0, References: 7, Affected Software: 1

CNNVD
added 2022/05/20 12:0 a.m., 2 views

GoCD Command Injection Vulnerability

GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions prior to 22.1.0. An attacker could exploit this vulnerability to gain remote code execution capability on a GoCD server by configuring malicious branch names that abuse Mercurial hooks/...

8.8 CVSS, 8.7 AI score, 0.05295 EPSS
Exploits: 0, References: 5