Lucene search
+L

1821 matches found

Nuclei
Nuclei
added yesterday409 views

JFrog Artifactory 6.7.3 - Admin Login Bypass

JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowable from a connection directly from localhost, providing an X-Forwarded-For HTTP header to the request allo...

9.8CVSS7AI score0.53879EPSS
Exploits3References5
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-60465

Name of the Vulnerable Software and Affected Versions ubuntu-pro-client affected versions not specified Description An information disclosure issue exists where the client validates Ubuntu Pro APT credentials by executing the /usr/lib/apt/apt-helper using the download-file command. The secret...

5.5CVSS6.1AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-59733

A flaw was found in Rclone. When using the rclone serve restic --private-repos command, an authenticated user can include directory traversal sequences e.g., .. in a request. This allows them to bypass authorization and read, overwrite, or delete another user's private repository on backends that...

8.8CVSS6AI score0.00523EPSS
Exploits1References7
NVD
NVD
added 3 days ago10 views

CVE-2026-59733

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...

8.8CVSS0.00523EPSS
Exploits1References4
OSV
OSV
added 3 days ago4 views

CVE-2026-59733 rclone `serve restic --private-repos` authorization bypass: `..` in the URL path lets an authenticated user read, overwrite and delete other users' repositories

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...

8.8CVSS6.1AI score0.00523EPSS
Exploits1References6
Cvelist
Cvelist
added 3 days ago40 views

CVE-2026-59733 rclone `serve restic --private-repos` authorization bypass: `..` in the URL path lets an authenticated user read, overwrite and delete other users' repositories

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...

8.8CVSS0.00523EPSS
Exploits1References4
OSV
OSV
added 4 days ago3 views

PYSEC-2026-2926 PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)

TL;DR CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains unguarded. It is reached by the recipe runner on every recipe execution and is...

8.4CVSS6.2AI score0.00246EPSS
Exploits2References6
The Hacker News
The Hacker News
added 2026/07/09 6:38 p.m.19 views

Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. "Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging...

6AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/07/09 4:29 p.m.20 views

How GitHub gave every repository a durable owner

GitHub has over 14,000 repositories across our primary internal GitHub organization. As of early 2025, there were over 11,000 non-archived repositories, the vast majority of which with no clear owner. For repositories attached to production services, we have historically had robust durable...

6AI score
Exploits0
Snyk
Snyk
added 2026/07/08 4:37 p.m.10 views

Files or Directories Accessible to External Parties

Overview repomix is an A tool to pack repository contents to single file for AI consumption Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the remote repository URL validation in src/core/git/gitRemoteParse.ts and the public website pac...

8.7CVSS6.2AI score0.00386EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/08 2:55 p.m.45 views

CVE-2026-59703 repomix - Local File Inclusion via file:// URL Scheme in Git Clone Endpoint

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS0.00386EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:52 a.m.7 views

CVE-2026-44937

Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the...

8.3CVSS6AI score0.00506EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/07/03 10:18 p.m.5 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via a malformed SSH sub-verb in the authentication process. An attacker can gain unauthorized read access to private repositories by crafting specific SSH requests. Remediation Upgrade github.com/go-gitea/gitea/c...

7.7CVSS6AI score0.0031EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:17 p.m.7 views

CVE-2026-58423

LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories...

7.7CVSS0.0031EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:54 p.m.37 views

CVE-2026-58423 LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories

LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories...

7.7CVSS0.0031EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.7 views

CVE-2026-58423

LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories...

7.7CVSS5.9AI score0.0031EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/03 8:54 p.m.21 views

CVE-2026-58423

The CVE-2026-58423 entry concerns Gitea’s LFS authentication: a malformed SSH sub-verb allows unauthorized read access to private repositories. The issue is described as an authentication bypass that can enable read access without credentials, affecting LFS handling in affected Gitea deployments....

7.7CVSS5.9AI score0.0031EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:54 p.m.2 views

CVE-2026-58423 LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories

LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories...

7.7CVSS6AI score0.0031EPSS
Exploits0References6
CVE
CVE
added 2026/07/03 8:19 p.m.89 views

CVE-2026-26231

Gitea versions up to 1.26.1 expose an Authorization Bypass via the Allow edits from maintainers option. The root cause is the PR-create flow binding allow_maintainer_edit=true without verifying the submitter’s write access to the HEAD repository, enabling reverse-fork PR abuse to authorize pushes...

8.5CVSS7.1AI score0.00291EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.33 views

CVE-2026-26231 Gitea maintainer-edit permissions allow unauthorized commits to readable repositories

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...

8.5CVSS0.00291EPSS
Exploits0References5
Rows per page
Query Builder