21827 matches found

CNNVD
added 2026/05/07 12:0 a.m. | 9 views

GitPython Path Traversal Vulnerability

GitPython is a Python library developed by gitpython-developers, designed for interacting with Git repositories. Versions of GitPython prior to 3.1.48 contained a path traversal vulnerability. This vulnerability stemmed from insufficient validation of reference paths during reference creation,...

CVSS 8.8 | AI score 5.8 | EPSS 0.00419
Exploits: 1 | References: 1

Positive Technologies
added 2026/05/07 12:0 a.m. | 9 views

PT-2026-38581

Name of the Vulnerable Software and Affected Versions: Microsoft Partner Center, affected versions not specified. Description: An externally controlled reference to a resource in another sphere allows an unauthorized attacker to perform spoofing over a network. Recommendations: At the moment, there is...

CVSS 8.2 | AI score 5.8 | EPSS 0.00638
Exploits: 0 | References: 6

Tenable Nessus
added 2026/05/07 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43177

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: ipu6: Fix RPM reference leak in probe error paths. Several error paths in ipu6_pci_probe were jumping directly to out_ipu6_bus_del_devices without releasing the...

CVSS 5.5 | AI score 6 | EPSS 0.00127
Exploits: 0 | References: 3

Tenable Nessus
added 2026/05/07 12:0 a.m. | 9 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016492)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016492 advisory. OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00237
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/07 12:0 a.m. | 13 views

PT-2026-38414

Name of the Vulnerable Software and Affected Versions: gittuf versions prior to 0.14.0. Description: An attacker with push access to the Reference State Log (RSL) can roll back the current policy to any previous policy trusted by the current set of root keys. This occurs because gittuf determines the...

CVSS 4.9 | AI score 5.8 | EPSS 0.00198
Exploits: 0 | References: 12

Tenable Nessus
added 2026/05/07 12:0 a.m. | 12 views

RHEL 9 : freeipmi (RHSA-2026:14819)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:14819 advisory. The freeipmi packages contain an Intelligent Platform Management Interface (IPMI) remote console and system management software based on the IPMI...

CVSS 7.5 | AI score 6 | EPSS 0.00403
Exploits: 0 | References: 5

Tenable Nessus
added 2026/05/07 12:0 a.m. | 14 views

MiracleLinux 8 : java-17-openjdk-17.0.19.0.10-1.el8 (AXSA:2026-552:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-552:05 advisory. JDK: Enhance crypto algorithm support (CVE-2026-22007); JDK: Improve Kerberos credentialing (CVE-2026-22013); JDK: Enhance Path Factories Redux...

CVSS 7.5 | AI score 7.3 | EPSS 0.00358
Exploits: 0 | References: 9

Tenable Nessus
added 2026/05/07 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-43106

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefiles_cull. The patch mentioned below change...

CVSS 7.8 | AI score 6.4 | EPSS 0.00112
Exploits: 0 | References: 2

OSV
added 2026/05/06 11:48 p.m. | 6 views

CGA-RX9X-25F6-MVC3

Bulletin has no description...

CVSS 7.8 | AI score 7 | EPSS 0.00553
Exploits: 0

OSV
added 2026/05/06 11:22 p.m. | 4 views

GHSA-9W9C-9W8M-W89Q ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data

Summary: GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records (SSH username, device UID, remote IP, terminal type, authenticated flag, timestamps) belonging to any other namespace...

CVSS 6.5 | AI score 6 | EPSS 0.00246
Exploits: 1 | References: 3

Circl
added 2026/05/06 9:36 p.m. | 10 views

CVE-2026-43582

creationtimestamp | type | source
---|---|---
2026-05-06 21:36:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ml7ntpxucl2e...

CVSS 6.3 | AI score 5.8 | EPSS 0.00199
Exploits: 0 | References: 1

RedhatCVE
added 2026/05/06 8:58 p.m. | 10 views

CVE-2026-43193

A flaw was found in the Linux kernel's Network File System Daemon (nfsd). A reference count leak in the nfsd_get_dir_deleg function can lead to resource exhaustion. This vulnerability, if repeatedly triggered, may allow an attacker to cause a Denial of Service (DoS) by consuming available system resourc...

CVSS 5.5 | AI score 5.8 | EPSS 0.00112
Exploits: 0 | References: 4

RedhatCVE
added 2026/05/06 8:47 p.m. | 9 views

CVE-2026-43179

A flaw was found in the Linux kernel's EROFS filesystem. An attacker could provide a specially crafted EROFS image with metadata compression enabled. This could trigger incorrect early returns within the kernel, leading to folio reference leaks. While this issue does not cause system crashes or...

CVSS 5.5 | AI score 5.8 | EPSS 0.00126
Exploits: 0 | References: 4

ATTACKERKB
added 2026/05/06 8:30 p.m. | 6 views

CVE-2026-33441

This CVE is a duplicate of another CVE: CVE-2026-33079...

CVSS 8.7 | AI score 5.8 | EPSS 0.00348
Exploits: 0 | References: 1

RedhatCVE
added 2026/05/06 8:17 p.m. | 8 views

CVE-2026-43177

A flaw was found in the Linux kernel's ipu6 driver. This issue occurs due to a runtime Power Management (PM) reference leak in the driver's probe error paths. When errors occur during device initialization, PM references are not properly released, which can lead to resource exhaustion and potential...

CVSS 5.5 | AI score 5.8 | EPSS 0.00127
Exploits: 0 | References: 4

RedhatCVE
added 2026/05/06 7:53 p.m. | 9 views

CVE-2026-43167

A flaw was found in the Linux kernel's xfrm subsystem, which handles IPsec (Internet Protocol Security) transformations. This vulnerability is caused by a reference count leak in xfrm_state objects when a network device is unregistered. An attacker with local access and privileges to configure netwo...

CVSS 5.5 | AI score 5.8 | EPSS 0.00127
Exploits: 0 | References: 4

RedhatCVE
added 2026/05/06 7:52 p.m. | 9 views

CVE-2026-43165

A flaw was found in the Linux kernel's hwmon subsystem, specifically in the nct7363 driver. This resource leak occurs in the nct7363_present_pwm_fanin function because a device node reference is not properly released after being acquired. An attacker with local access could potentially exploit this ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00121
Exploits: 0 | References: 4

Cvelist
added 2026/05/06 7:49 p.m. | 29 views

CVE-2026-43585 OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...

CVSS 9.2 | EPSS 0.0054
Exploits: 1 | References: 3

Vulnrichment
added 2026/05/06 7:49 p.m. | 9 views

CVE-2026-43585 OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...

CVSS 9.2 | AI score 5.8 | EPSS 0.0054
Exploits: 1 | References: 3

OSV
added 2026/05/06 7:38 p.m. | 5 views

GHSA-7545-FCXQ-7J24 GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository

🧾 Summary: A vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and...

CVSS 8.8 | AI score 5.8 | EPSS 0.00419
Exploits: 1 | References: 4