45 matches found
PT-2026-49604
Name of the Vulnerable Software and Affected Versions Buildah versions prior to 1.43.2 Buildah versions prior to 1.44 Podman versions prior to 5.8.3 Description When processing build contexts or add/copy instructions, a malicious server serving a Git repository or a tar archive file can cause fil...
EUVD-2026-35707
Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...
UBUNTU-CVE-2026-44465
Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...
EUVD-2026-32937
Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...
Zed 安全漏洞
Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.227.1 contained a security vulnerability. This vulnerability stemmed from the abuse of the core.fsmonitor Git configuration option when opening folders containing malicious.git/config files. This allowed attackers to...
Security Bulletin: Go-getter may allow to arbitrary filesystem reads through git operations
Summary HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and...
Exploit for Path Traversal in Debian Debian_Linux
CVE-2018-11235 1. ssh to your vps. 2. Clone this repo: ba...
EUVD-2025-33395
BBOT's gitlab.py exposes globally configured "gitlab" API key...
CVE-2025-10283
BBOT's gitdumper module could be abused to execute commands through a malicious git repository...
EUVD-2025-33396
BBOT's gitclone.py can expose users' GitHub API keys to an attacker-controlled webserver...
Information Exposure
Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Information Exposure via the gitlab process. An attacker can obtain sensitive API key information by tricking the system into connecting to a maliciously crafted git URL. Remediation Upgrade bbot...
CVE-2025-10282
BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...
CVE-2025-10281
BBOT's gitclone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL...
CVE-2025-10283
BBOT’s gitdumper module is vulnerable due to insufficient sanitization of .git data, enabling Directory Traversal that can lead to Remote Code Execution when processing a malicious git repository. Affected component: bb ot gitdumper.py (processing of .git/config and related index/file handling as...
CVE-2025-10282
BBOT's gitlab module exposes GitLab API keys by using a maliciously formatted git URL, leading to information exposure to an attacker-controlled server. Multiple sources (including Red Hat CVE entry and accompanying advisories) describe the issue as a leak of the user’s API key when bb ot process...
CVE-2025-10282 GitLab Domain Confusion in gitlab Leaks API Key
BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...
CVE-2025-10282 GitLab Domain Confusion in gitlab Leaks API Key
BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...
CVE-2025-10281
BBOT’s git_clone vulnerability stems from unsafe URL handling that can cause exposure of GitHub API keys to an attacker-controlled server when processing a specially crafted git URL. The CVE description and multiple advisories (Red Hat, GHSA, EUVD, OSV, NVD, CVELIST, and Snyk) consistently refere...
BBOT 安全漏洞
BBOT is a recursive Internet scanner open-sourced by Black Lantern Security. BBOT suffers from a security vulnerability that stems from a maliciously formatted git URL that could lead to the disclosure of GitLab API keys to an attacker-controlled server...
PT-2025-41396
Name of the Vulnerable Software and Affected Versions BBOT affected versions not specified Description The gitdumper module in BBOT is susceptible to exploitation, allowing attackers to execute arbitrary commands on the host system. This occurs through the processing of malicious Git repositories...