14 matches found
EUVD-2026-14990
sbt: Source dependency feature via crafted VCS URL leads to arbitrary code execution on Windows...
CVE-2025-66407
Weblate is a web-based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the repository URL field is...
Weblate Cross-Site Request Forgery Vulnerability
Weblate is a Copyleft open source web-based free software continuous localization system. A cross-site request forgery vulnerability exists in Weblate versions prior to 5.15, which stems from an unvalidated or uncleaned repository URL field in the Create Component function, and could lead to...
CVE-2025-67739
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure...
MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL
Summary: The MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via execSync without sanitization. This allows an attacker to execute arbitrary commands on the host...
Race Condition
Argo CD is vulnerable to a race condition. The vulnerability is due to a flaw in the repository credentials handler that triggers a server panic during concurrent operations on the same repository URL, which allows an attacker to crash the Argo CD server...
SUSE CVE-2024-8986
The Grafana Plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI, for instance, to allow for fetching of private...
PT-2024-6336 · Grafana · Grafana Plugin Sdk
Name of the Vulnerable Software and Affected Versions: Grafana Plugin SDK versions prior to 0.250.0
Description: The issue is related to the Grafana Plugin SDK bundling build metadata into the binaries it compiles, which includes the repository URI for the plugin being built. If credentials are...
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A cross-site scripting...
CVE-2015-9415
creationtimestamp | type | source
---|---|---
2019-09-26 09:01:47+00:00 | seen | https://t.me/cibsecurity/7030
2025-09-29 00:37:53+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2015/CVE-2015-9415.yaml
2025-09-30 21:02:37+00:00 | seen | ...
UBUNTU-CVE-2017-12836
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...