Lucene search
K

45 matches found

Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49604

Name of the Vulnerable Software and Affected Versions Buildah versions prior to 1.43.2 Buildah versions prior to 1.44 Podman versions prior to 5.8.3 Description When processing build contexts or add/copy instructions, a malicious server serving a Git repository or a tar archive file can cause fil...

6.3CVSS5.8AI score
Exploits0References5
EUVD
EUVD
added 2026/06/09 6:31 p.m.44 views

EUVD-2026-35707

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

8.8CVSS6.7AI score0.00945EPSS
Exploits0References5
OSV
OSV
added 2026/05/28 5:16 p.m.7 views

UBUNTU-CVE-2026-44465

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...

8.6CVSS6.1AI score0.00297EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/28 4:10 p.m.10 views

EUVD-2026-32937

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...

8.6CVSS6.1AI score0.00297EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

Zed 安全漏洞

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.227.1 contained a security vulnerability. This vulnerability stemmed from the abuse of the core.fsmonitor Git configuration option when opening folders containing malicious.git/config files. This allowed attackers to...

8.6CVSS6.2AI score0.00297EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 6:58 p.m.6 views

Security Bulletin: Go-getter may allow to arbitrary filesystem reads through git operations

Summary HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and...

7.5CVSS5.8AI score0.00583EPSS
Exploits1Affected Software1
GithubExploit
GithubExploit
added 2026/01/18 5:42 a.m.147 views

Exploit for Path Traversal in Debian Debian_Linux

CVE-2018-11235 1. ssh to your vps. 2. Clone this repo: ba...

7.8CVSS7.2AI score0.49188EPSS
Exploits10
EUVD
EUVD
added 2025/10/27 8:15 p.m.5 views

EUVD-2025-33395

BBOT's gitlab.py exposes globally configured "gitlab" API key...

4.7CVSS6.4AI score0.00208EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/10 4:20 p.m.5 views

CVE-2025-10283

BBOT's gitdumper module could be abused to execute commands through a malicious git repository...

9.6CVSS7.3AI score0.00437EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/09 10:29 p.m.4 views

EUVD-2025-33396

BBOT's gitclone.py can expose users' GitHub API keys to an attacker-controlled webserver...

4.7CVSS6.4AI score0.00208EPSS
Exploits0References4
Snyk
Snyk
added 2025/10/09 4:42 p.m.3 views

Information Exposure

Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Information Exposure via the gitlab process. An attacker can obtain sensitive API key information by tricking the system into connecting to a maliciously crafted git URL. Remediation Upgrade bbot...

5.3CVSS6.6AI score0.00208EPSS
Exploits0References2
NVD
NVD
added 2025/10/09 4:15 p.m.21 views

CVE-2025-10282

BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...

4.7CVSS0.00208EPSS
Exploits0References1
NVD
NVD
added 2025/10/09 4:15 p.m.12 views

CVE-2025-10281

BBOT's gitclone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL...

4.7CVSS0.00208EPSS
Exploits0References1
CVE
CVE
added 2025/10/09 3:46 p.m.17 views

CVE-2025-10283

BBOT’s gitdumper module is vulnerable due to insufficient sanitization of .git data, enabling Directory Traversal that can lead to Remote Code Execution when processing a malicious git repository. Affected component: bb ot gitdumper.py (processing of .git/config and related index/file handling as...

9.6CVSS6.9AI score0.00437EPSS
Exploits0References1
CVE
CVE
added 2025/10/09 3:46 p.m.14 views

CVE-2025-10282

BBOT's gitlab module exposes GitLab API keys by using a maliciously formatted git URL, leading to information exposure to an attacker-controlled server. Multiple sources (including Red Hat CVE entry and accompanying advisories) describe the issue as a leak of the user’s API key when bb ot process...

4.7CVSS6.3AI score0.00208EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/09 3:46 p.m.3 views

CVE-2025-10282 GitLab Domain Confusion in gitlab Leaks API Key

BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...

4.7CVSS6.3AI score0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/09 3:46 p.m.10 views

CVE-2025-10282 GitLab Domain Confusion in gitlab Leaks API Key

BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...

4.7CVSS0.00208EPSS
Exploits0References1
CVE
CVE
added 2025/10/09 3:45 p.m.14 views

CVE-2025-10281

BBOT’s git_clone vulnerability stems from unsafe URL handling that can cause exposure of GitHub API keys to an attacker-controlled server when processing a specially crafted git URL. The CVE description and multiple advisories (Red Hat, GHSA, EUVD, OSV, NVD, CVELIST, and Snyk) consistently refere...

4.7CVSS6.3AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.7 views

BBOT 安全漏洞

BBOT is a recursive Internet scanner open-sourced by Black Lantern Security. BBOT suffers from a security vulnerability that stems from a maliciously formatted git URL that could lead to the disclosure of GitLab API keys to an attacker-controlled server...

4.7CVSS6.3AI score0.00208EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.9 views

PT-2025-41396

Name of the Vulnerable Software and Affected Versions BBOT affected versions not specified Description The gitdumper module in BBOT is susceptible to exploitation, allowing attackers to execute arbitrary commands on the host system. This occurs through the processing of malicious Git repositories...

9.6CVSS6.3AI score0.00437EPSS
Exploits0References15
Rows per page
Query Builder