Lucene search
K

37 matches found

OSV
OSV
added 2026/06/29 10:16 a.m.4 views

DEBIAN-CVE-2026-25707

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...

8.8CVSS5.8AI score0.006EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 10:16 a.m.8 views

CVE-2026-25707

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...

8.8CVSS0.006EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 10:16 a.m.2 views

UBUNTU-CVE-2026-25707

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...

8.8CVSS5.8AI score0.006EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 10:4 a.m.50 views

CVE-2026-25707

Summary of vulnerability (CVE-2026-25707) : A relative path traversal in libzypp’s repository metadata processing (prior to version 17.38.10) could allow remote repository authors to overwrite local files, potentially leading to denial of service or privilege escalation. Connected advisories indi...

8.8CVSS5.8AI score0.006EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.13 views

SUSE SLED15: libsolv-devel / libsolv-tools / libsolv-tools-base / libzypp / etc (SUSE-SU-2026:2575-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2575-1 advisory. This update for libsolv, libzypp, zypper fixes the following issues - CVE-2026-9149: Heap buffer overflow in...

8.8CVSS6.3AI score0.006EPSS
Exploits0References36
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.7 views

SUSE SLED15: libsolv-devel / libsolv-tools / libsolv-tools-base / libzypp / etc (SUSE-SU-2026:2590-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2590-1 advisory. This update for libsolv, libzypp, zypper fixes the following issues - CVE-2026-9149: Heap buffer overflow in...

8.8CVSS6.3AI score0.006EPSS
Exploits0References36
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.7 views

SUSE SLED15: libsolv-devel / libsolv-tools / libsolv-tools-base / libzypp / etc (SUSE-SU-2026:2531-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2531-1 advisory. This update for libsolv, libzypp, zypper fixes the following issues - CVE-2026-9149: Heap buffer overflow in...

8.8CVSS6.3AI score0.006EPSS
Exploits0References36
OSV
OSV
added 2026/06/23 12:48 p.m.2 views

SUSE-SU-2026:2575-1 Security update for libsolv, libzypp, zypper

This update for libsolv, libzypp, zypper fixes the following issues - CVE-2026-9149: Heap buffer overflow in libsolv repoaddsolv via negative maxsize from crafted .solv file bsc1265935. - CVE-2026-9150: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512...

8.8CVSS6.3AI score0.006EPSS
Exploits0References29
OSV
OSV
added 2026/06/19 7:11 a.m.3 views

SUSE-SU-2026:22221-1 Security update for zypper, libzypp, libsolv

This update for zypper, libzypp, libsolv fixes the following issues: Changes in zypper: Update to 1.14.98: - Transactional systems: Delegate rw-commands to transactional-wrapper if available jscPED-13680, jscPED-15607 On a transactional system where the root filesystem is mounted read-only, zyppe...

8.8CVSS6.2AI score0.006EPSS
Exploits0References20
OSV
OSV
added 2026/06/02 3:57 p.m.7 views

SUSE-SU-2026:21988-1 Security update for libzypp, libsolv

This update for libzypp, libsolv fixes the following issues: libsolv was updated to 0.7.39: - fix solvchksumfree segfault when called with a NULL pointer - made repoaddsolv more robust against corrupt files bsc1265935 CVE-2026-9149 - fix potential buffer overflow when verifying EdDSA signatures...

8.8CVSS5.7AI score0.006EPSS
Exploits0References9
Snyk
Snyk
added 2026/05/11 5:53 p.m.8 views

Command Injection

Overview @wdio/browserstack-service is a WebdriverIO service for better Browserstack integration Affected versions of this package are vulnerable to Command Injection via the getGitMetadataForAISelection function. An attacker can execute arbitrary commands on the host system by supplying a...

9.8CVSS6.1AI score0.02799EPSS
Exploits1References2
NCSC
NCSC
added 2026/03/12 2:42 p.m.8 views

Vulnerabilities fixed in GitLab

GitLab fixed vulnerabilities in versions 18.9.2, 18.8.6 and 18.7.6 The vulnerabilities included several issues, including incorrect authorization checks that allowed authenticated users to access sensitive data, such as metadata from private repositories, and enabling denial-of-service situations...

8.7CVSS5.8AI score0.00523EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : librepo-1.11.0-3.el8 (AXSA:2020-543:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-543:01 advisory. librepo: missing path validation in repomd.xml may lead to directory traversal CVE-2020-14352 CVE-2020-14352: A flaw was found in librepo in versions before...

8.5CVSS5.7AI score0.02526EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/20 12:13 a.m.15 views

CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...

5CVSS6.8AI score0.00368EPSS
Exploits1References1
OSV
OSV
added 2025/12/19 2:16 a.m.6 views

CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...

4.3CVSS5.9AI score0.00368EPSS
Exploits1References4
NVD
NVD
added 2025/12/19 2:16 a.m.9 views

CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...

5CVSS0.00368EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/19 12:0 a.m.23 views

CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...

5CVSS0.00368EPSS
Exploits1References4
CVE
CVE
added 2025/12/19 12:0 a.m.16 views

CVE-2025-67844

The Mintlify Platform’s GitHub Integration API (pre-2025-11-15) fails to validate that configured repository owner/name belong to the user’s GitHub App Installation ID, enabling disclosure of sensitive repository metadata. Multiple sources corroborate the issue and cite the same root cause in the...

5CVSS6.4AI score0.00368EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/19 12:0 a.m.4 views

CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...

5CVSS6.4AI score0.00368EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.7 views

PT-2025-52405

Name of the Vulnerable Software and Affected Versions Mintlify Platform versions prior to 2025-11-15 Description The GitHub Integration API in Mintlify Platform has an issue where it does not properly validate the repository owner and name fields during configuration. This allows remote attackers...

5CVSS6.5AI score0.00368EPSS
Exploits1References10
Rows per page
Query Builder