1698 matches found
CLSA-2026-1778269628 libssh: Fix of CVE-2026-0964
CVE-2026-0964: SCP path traversal via crafted filenames in sshscppullrequest allowing files to be written outside the intended directory...
EUVD-2026-28771
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag...
CVE-2026-43465
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag...
CVE-2026-43465 net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag...
PT-2026-39212
Name of the Vulnerable Software and Affected Versions Postiz versions prior to commit da44801 Description A Pwn Request issue in the Build and Publish PR Docker Image workflow located in '.github/workflows/pr-docker-build.yml' allows unauthenticated users to execute arbitrary code during the Dock...
Gitroom Postiz 代码注入漏洞
Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Previous versions of Gitroom Postiz had a code injection vulnerability. This vulnerability stemmed from a Pwn Request vulnerability present in the workflow for building and publishing PR Docker images, which could...
Exploit for CVE-2026-44590
CVE-2026-44590 - sherlock-project/sherlock CI - RCE via pullr...
ECHO-A2CB-9FEB-100C From https://github.com/nltk/nltk/pull/3468 (merge commit 1056b32).
Bulletin has no description...
EUVD-2026-28411
GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...
CVE-2026-42215
GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...
CVE-2026-42215 GitPython: Command injection via Git options bypass
GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...
RHCOS 4 : OpenShift Container Platform 4.2.22 skopeo (RHSA-2020:0689)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0689 advisory. - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull CVE-2020-8945 Note that Nessus has not tested for this issue...
PT-2026-37388
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An overflow occurs in the af alg pull tsgl function within the crypto: af alg component. This issue arises because the original loop was not updated when page reassignment was added,...
CVE-2026-7725
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...
Prefect Git Argument Injection in GitRepository Pull Steps
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...
GHSA-6RCX-55R6-JX65 Prefect Git Argument Injection in GitRepository Pull Steps
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...
CVE-2026-7725
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...
EUVD-2026-26883
A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...
CVE-2026-7725 PrefectHQ prefect GitRepository Pull storage.py argument injection
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...
EUVD-2026-26880
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...