Lucene search
K

9 matches found

Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-59702 repomix - Server-Side Request Forgery via Unvalidated Repository URLs in POST /api/pack

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...

9.3CVSS0.00324EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-44937 SUSE Rancher Fleet had an Unauthenticated Webhook: Regex Injection via Unsanitized Repository URL Components

Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the...

8.3CVSS0.00506EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 6:17 p.m.20 views

CVE-2026-45628

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 4:33 p.m.13 views

CVE-2026-45628 Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS5.8AI score0.0023EPSS
Exploits0References1
NVD
NVD
added 2025/12/16 12:16 a.m.11 views

CVE-2025-66407

Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the repository URL field is...

5CVSS0.00182EPSS
Exploits0References3
OSV
OSV
added 2025/12/11 4:16 p.m.5 views

CVE-2025-67739

In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure...

3.1CVSS5.8AI score0.00145EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.5 views

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...

3.1CVSS6.3AI score0.00145EPSS
Exploits0References1
OSV
OSV
added 2018/03/29 1:29 p.m.4 views

CVE-2018-5223

Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run...

7.2CVSS5.9AI score0.02203EPSS
Exploits1References5
CNVD
CNVD
added 2016/10/11 12:0 a.m.4 views

Git-hub Remote Code Execution Vulnerability

GitHub is a hosting platform for open source and private software projects. A remote code execution vulnerability exists in GitHub repository URLs are not sufficiently validated, which can be exploited by an attacker to execute arbitrary code...

8.8CVSS9.1AI score0.03259EPSS
Exploits0References1
Rows per page
Query Builder