15898 matches found
GHSA-8VCG-CFXJ-P5M3 Weblate is vulnerable to RCE through Git config file overwrite
Impact It was possible to overwrite Git configuration remotely and override some of its behavior. Resources Thanks to Jason Marcello for responsible disclosure...
CVE-2025-68398
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue...
CVE-2025-68398
Weblate is affected by a remote Git configuration overwrite vulnerability in versions prior to 5.15.1. The issue allows an attacker to overwrite Git config remotely and override behavior, with SNYK detailing an Arbitrary File Upload via GIT_SSH_COMMAND that can lead to remote code execution; Red ...
CVE-2025-68398 Weblate has git config file overwrite vulnerability that leads to remote code execution
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue...
Stack-Buffer-Overflow-x86
Stack-Based Buffer Overflow: From Bug to Code Execution I...
Weblate code issue vulnerability
Weblate is a Copyleft open source web-based continuous localization system for free software. A code issue vulnerability exists in Weblate versions prior to 5.15.1 that stems from being able to remotely overwrite Git configuration...
PT-2025-52375
Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.15.1 Description Weblate is a web-based localization tool. Versions prior to 5.15.1 allowed remote overwriting of the Git configuration, potentially overriding its behavior. This could lead to remote code execution...
EulerOS Virtualization 2.13.1 : vim (EulerOS-SA-2025-2568)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's tar.vim plugin can allow...
CVE-2025-68144
In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file) for git_diff would be interpreted as command-line options rather than git refs,...
EUVD-2025-204003
mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files...
Arbitrary Argument Injection
Overview mcp-server-git is a Model Context Protocol server providing tools to read, search, and manipulate Git repositories programmatically via LLMs. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the git_diff and git_checkout functions. An attacker can...
GHSA-9XWC-HFWC-8W59 mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files
In mcp-server-git versions prior to 2025.12.18, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file) for git_diff would be interpreted as command-line options rather than git refs,...
CVE-2025-68144 mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files
In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file) for git_diff would be interpreted as command-line options rather than git refs,...
CVE-2025-68144
CVE-2025-68144 affects mcp-server-git. In versions prior to 2025.12.17, the git_diff and git_checkout functions forward user-controlled arguments directly to the git CLI without sanitization. This allows flag-like values (for example, --output=/path/to/file) to be interpreted as git options rathe...
PT-2025-51937
Name of the Vulnerable Software and Affected Versions mcp-server-git versions prior to 2025.12.17 Description The git_diff and git_checkout functions in mcp-server-git did not properly sanitize user-supplied arguments before passing them to git CLI commands. Specifically, flag-like values, such a...
PT-2025-53381
Name of the Vulnerable Software and Affected Versions C-Kermit versions through 10.0 Beta.12 aka 416-beta12 before 244644d Description A remote Kermit system can overwrite files on the local system or retrieve arbitrary files from the local system. Recommendations Update to a version later than...
Honeywell Multiple Industrial Printers Improper Privilege Management (CVE-2017-5671)
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriti...
CVE-2023-53879
NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing a denial of service condition...
CVE-2023-53874
GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability...