Lucene search
K

1126 matches found

NVD
NVD
added 2026/07/02 3:17 p.m.8 views

CVE-2026-56004

A shellcode injection in the mercurial handler of the obs tarscm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services...

10CVSS0.00375EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 2:54 p.m.35 views

CVE-2026-56004 obs-service-tar_scm: command injection via mercurial handler

A shellcode injection in the mercurial handler of the obs tarscm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services...

10CVSS0.00375EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 2:54 p.m.7 views

EUVD-2026-41404

A shellcode injection in the mercurial handler of the obs tarscm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services...

10CVSS5.9AI score0.00375EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:54 p.m.8 views

CVE-2026-56004

A shellcode injection in the mercurial handler of the obs tarscm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services...

10CVSS5.9AI score0.00375EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.16 views

PT-2026-55256

Name of the Vulnerable Software and Affected Versions obs tar scm source service versions prior to 0.12.4 Description A shellcode injection exists in the mercurial handler of the source service. Attackers who can provide a crafted service file can execute arbitrary code as the source service or t...

10CVSS6.2AI score0.00375EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-563 Command injection in libvcs and vcspull

The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the updaterepo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...

9.3CVSS6AI score0.03741EPSS
Exploits0References10
OSV
OSV
added 2026/06/24 1:13 p.m.4 views

OESA-2026-2731 mercurial security update

Mercurial is a free, distributed source control management tool. It efficiently handles projects of any size and offers an easy and intuitive interface. Security Fixes: A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects...

5.3CVSS3.6AI score0.00486EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 1:13 p.m.2 views

OESA-2026-2730 mercurial security update

Mercurial is a free, distributed source control management tool. It efficiently handles projects of any size and offers an easy and intuitive interface. Security Fixes: A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects...

5.3CVSS3.6AI score0.00486EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 1:13 p.m.3 views

OESA-2026-2729 mercurial security update

Mercurial is a free, distributed source control management tool. It efficiently handles projects of any size and offers an easy and intuitive interface. Security Fixes: A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects...

5.3CVSS3.7AI score0.00486EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 6:26 p.m.7 views

Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the...

7.5CVSS6.3AI score0.00864EPSS
Exploits3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.8 views

CVE-2026-33435

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...

8CVSS6.2AI score0.00708EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 3:48 p.m.12 views

OESA-2026-2542 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 20.2.2 Release: 4 Summary: A...

8.2CVSS6.6AI score0.00527EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 3:48 p.m.10 views

OESA-2026-2541 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 20.2.2 Release: 4 Summary: A...

8.2CVSS6.6AI score0.00527EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/05 8:14 a.m.8 views

Security Bulletin: IBM watsonx.ai on Cloud Pak for Data is vulnerable to python-Python-3.12.0b4 (Publicly disclosed vulnerability found by Mend) due to python pip package ( CVE-2023-5752, PRISMA-2022-0168)

Summary IBM watsonx.ai on Cloud Pak for Data internally uses CVE-2023-5752 Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary...

5.5CVSS6.5AI score0.00476EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/05/26 4:41 p.m.10 views

EUVD-2025-203462

Weblate has a Server-Side Request Forgery issue...

5CVSS5.8AI score0.00182EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/26 4:41 p.m.18 views

Weblate has a Server-Side Request Forgery issue

Impact The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, the repository URL field is not validated or sanitized, allowing an attacker to supply...

5CVSS5.9AI score0.00182EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/26 4:41 p.m.9 views

GHSA-HFPV-MC5V-P9MM Weblate has a Server-Side Request Forgery issue

Impact The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, the repository URL field is not validated or sanitized, allowing an attacker to supply...

5CVSS5.9AI score0.00182EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Composer

Composer is a dependency manager for the PHP programming language. Integrators who use Composer code to call VcsDriver::getFileContent may encounter a code injection vulnerability if the user can control the $file or $identifier arguments. This vulnerability is documented on packagist.org, where...

8.8CVSS8.2AI score0.01857EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in python-pip

When installing a package from a Mercurial VCS URL e.g., “pip install hg+…” using pip before version 23.3, the specified Mercurial revision could be used to inject arbitrary configuration options into the “hg clone” call e.g., “--config”. Controlling the Mercurial configuration allows modifying t...

5.5CVSS6.8AI score0.00476EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Composer

Composer is a dependency manager for PHP. The URLs for Mercurial repositories in the composer.json file at the root level, as well as the source download URLs, are not sanified correctly. Specifically crafted URL values allow code to be executed via the HgDriver if hg/Mercurial is installed on th...

8.8CVSS8.5AI score0.04849EPSS
Exploits1References2
Rows per page
Query Builder