GHSA-XXMH-RF63-QWJV GitProxy Backfile Parsing Exploit

Summary An attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended...

GitProxy Approval Bypass When Pushing Multiple Branches

Summary This vulnerability allows a user to push to the remote repository while bypassing policies and explicit approval. Since checks and plugins are skipped, code containing secrets or unwanted changes could be pushed into a repository. Because it can allow policy violations to go undetected, w...

The Fintech Open Source Foundation GitProxy 安全漏洞

The Fintech Open Source Foundation GitProxy is a deployment of custom push protection and policies on top of Git by The Fintech Open Source Foundation Foundation. A security vulnerability exists in The Fintech Open Source Foundation GitProxy 1.19.1 and earlier versions, which stems from a...

z-push/z-push-dev SQL Injection Vulnerability

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

GHSA-W832-W3P8-CW29 z-push/z-push-dev SQL Injection Vulnerability

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

CVE-2025-8264

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

CVE-2025-8264

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

UBUNTU-CVE-2025-8264

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

CVE-2025-8264

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

CVE-2025-8264

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

CVE-2025-8264

CVE-2025-8264 affects z-push/z-push-dev prior to version 2.7.6 due to unparameterized queries in the IMAP backend, enabling SQL Injection via the username field in basic authentication. Impact stated as attacker could access and potentially modify or delete data in a linked third-party database. ...

Z-Push 安全漏洞

Z-Push is an open source data synchronization software from Z-Hub. A security vulnerability exists in Z-Push versions prior to 2.7.6, which stems from an unparameterized query and could lead to a SQL injection attack...

PT-2025-31175 · Z-Push +1 · Z-Push +1

Name of the Vulnerable Software and Affected Versions: z-push/z-push-dev versions prior to 2.7.6 Description: The software is vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic...

CVE-2025-54534

In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page...

DEBIAN-CVE-2025-38459

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clippush. syzbot reported the splat below. 0 This happens if we call ioctlATMARPMKIP more than once. During the first call, clipmkip sets clippush to vcc-push, and the second call copies ...

AZL-65822 CVE-2025-38459 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clippush. syzbot reported the splat below. 0 This happens if we call ioctlATMARPMKIP more than once. During the first call, clipmkip sets clippush to vcc-push, and the second call copies ...

UBUNTU-CVE-2025-38459

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clippush. syzbot reported the splat below. 0 This happens if we call ioctlATMARPMKIP more than once. During the first call, clipmkip sets clippush to vcc-push, and the second call copies ...

CVE-2025-38459 atm: clip: Fix infinite recursive call of clip_push().

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clippush. syzbot reported the splat below. 0 This happens if we call ioctlATMARPMKIP more than once. During the first call, clipmkip sets clippush to vcc-push, and the second call copies ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an infinite recursive call problem in clippush...

WordPress Ultimate Push Notifications Missing Authorization Vulnerability

WordPress Ultimate Push Notifications is a plugin that is mainly used to implement real-time push functionality in WordPress websites, supporting sending desktop and mobile device notifications to users. WordPress Ultimate Push Notifications suffers from a lack of authorization vulnerability, no...