Lucene search
K

35 matches found

Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/02 10:12 a.m.17 views

CVE-2026-44740

A flaw was found in Billy, an interface filesystem abstraction for Go. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing crafted or malformed input. The issue arises from insufficient validation and missing safety mechanisms when processing untrusted...

7.5CVSS6AI score0.00295EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 8:32 p.m.27 views

CVE-2026-52812 Gogs: LFS dedupe path leaks private repo content across tenants

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone /// but per-repo authorization lives in the lfsobject table keyed repoid, oid. serveUpload skips re-uploading when the OID file already exists on disk and inserts a new repoid, oid r...

7.1CVSS0.00236EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.7 views

AlmaLinux 10 : libsolv (ALSA-2026:28236)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:28236 advisory. libsolv: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512 checksums CVE-2026-9150 libsolv: Heap buffer overfl...

7.8CVSS6.1AI score0.00399EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 5:10 a.m.19 views

Malicious code in sendgrid-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08f1d48bc557c6afa69c74455fe35f34ed0992082dc30fc09d032523d2329f63 Package impersonates the official SendGrid npm packages @sendgrid/ but ships no SDK functionality — index.js exports an empty object. Its sole purpos...

5.4AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:4 p.m.15 views

Malicious code in create-docs-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd4381fd77419441a2eefe6b22adef6c9f5adfe1b92be5d071abd5908fdf8647 Package is published at version 9999.99.99 — the canonical high-version override used in dependency-confusion attacks against private/internal packag...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/05/29 7:43 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parsing of maliciously crafted Git repository data, such as .pack, .idx, or loose objects. An attacker can cause the application to panic by providing a payload that excee...

6.9CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/25 6:53 p.m.11 views

MAL-2026-4670 Malicious code in skills-detector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 844190b21455d308d6e2b5305ebe92634d80b55817290a84644a1048df0e54b3 On npm install, postinstall.js executes whoami and id via childprocess.execSync, collects os.hostname, os.platform, current working directory, and th...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 9:46 a.m.10 views

Malicious code in svharness (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3aef9a7535c16df930fdb10e5b60773f5ba2e0a8cd102d53a4cc3da122cfd473 When the documented svharness build --baseline or svharness wizard command is run, the tool's default 'tasks' wiki mode scans and bundles the caller'...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.11 views

PT-2026-41959

Name of the Vulnerable Software and Affected Versions go-git versions prior to v5 Description A path validation issue allows crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. This occurs because the software drifted from...

8.1CVSS5.8AI score0.00813EPSS
Exploits0References51
Tenable Nessus
Tenable Nessus
added 2025/10/09 12:0 a.m.6 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : FORT Validator vulnerabilities (USN-7813-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7813-1 advisory. Niklas Vogel and Haya Schulmann discovered that FORT Validator did not perform proper input validation when parsing certain RPKI...

9.8CVSS6.1AI score0.00481EPSS
Exploits0References8
Ubuntu
Ubuntu
added 2025/10/08 1:47 p.m.6 views

USN-7813-1: FORT Validator vulnerabilities

Niklas Vogel and Haya Schulmann discovered that FORT Validator did not perform proper input validation when parsing certain RPKI repository data. A remote attacker could possibly use this issue to cause FORT Validator to crash, resulting in a denial of service. CVE-2024-45234, CVE-2024-45235,...

9.8CVSS5.8AI score0.00481EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-0519

Malware in sbrugna...

6.8CVSS6AI score0.02084EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-22200

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal...

7.5CVSS7.1AI score0.01003EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.309 views

ManageEngine DataSecurity Plus Xnode Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine DataSecurity Plus Xnode Enumeration', 'Description' = %q This module exploits default admin credentials for the DataEngine Xnode...

10CVSS9.6AI score0.77477EPSS
Exploits7
Positive Technologies
Positive Technologies
added 2024/02/29 12:0 a.m.6 views

PT-2024-18414

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12 GitHub Enterprise Server versions 3.8.15 and earlier GitHub Enterprise Server versions 3.9.10 and earlier GitHub Enterprise Server versions 3.10.7 and earlier GitHub Enterprise Server versions...

6.5CVSS6.2AI score0.00606EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2023/10/02 12:0 a.m.11 views

The vulnerability of the application software interface of the Cisco DNA Center allows a hacker to read and modify data in its internal repository.

The vulnerability of the Cisco DNA Center’s application programming interface is related to errors in access management. Exploiting this vulnerability allows a malicious actor to remotely read and modify data in the internal repository by sending specially crafted API requests...

9CVSS7.4AI score0.00483EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/04/25 10:15 a.m.16 views

Cross site scripting

Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the...

3.5CVSS5.3AI score0.0074EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/11/09 5:15 p.m.3 views

DEBIAN-CVE-2021-43173

In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP...

7.5CVSS7.3AI score0.01434EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/06 12:0 a.m.5 views

GitLab安全漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An access control error vulnerability exists in GitLab...

7.5CVSS5.7AI score0.01084EPSS
Exploits0References3
Rows per page
Query Builder