CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29 matches found

RedhatCVE•added 2026/05/28 8:12 p.m.•7 views

CVE-2026-40034

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.2AI score0.00019EPSS

Exploits0References1

Tenable Nessus•added 2026/05/28 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-40034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the...

8.5CVSS6.2AI score0.00019EPSS

Exploits0References2

NVD•added 2026/05/26 3:16 p.m.•8 views

CVE-2026-40034

8.5CVSS0.00019EPSS

Exploits0References5

UbuntuCve•added 2026/05/26 3:16 p.m.•4 views

CVE-2026-40034

gix-submodule before 0.82.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An attacker can inject arbitrary shell commands vi...

8.5CVSS6.2AI score0.00019EPSS

Exploits0References6

CNNVD•added 2026/05/26 12:0 a.m.•5 views

gitoxide 安全漏洞

GitOxide is a Git implementation written in Rust by Sebastian Thiel. Versions of GitOxide prior to 0.82.0 contained a security vulnerability, which stemmed from improper validation of the update field in.gitmodules. This vulnerability could allow attackers to bypass the...

8.5CVSS6AI score0.00019EPSS

Exploits0References5

Positive Technologies•added 2026/05/26 12:0 a.m.•10 views

PT-2026-43251

8.5CVSS6.2AI score0.00019EPSS

Exploits0References6

Github Security Blog•added 2026/05/05 7:23 p.m.•2 views

gitoxide: CommandForbiddenInModulesConfiguration Bypass in gix_submodule::File::update() Enables Arbitrary Command Execution via .gitmodules

Summary gixsubmodule::File::update is the API that gates whether an attacker-supplied .gitmodules file may set update = !. The function is designed to return ErrCommandForbiddenInModulesConfiguration unless the !command value came from a trusted local source .git/config. Git CVE CVE-2019-19604...

9.3CVSS7.2AI score0.01562EPSS

Exploits1References2Affected Software1

OSV•added 2026/05/05 7:23 p.m.•0 views

GHSA-F26G-JM89-4G65 gitoxide: CommandForbiddenInModulesConfiguration Bypass in gix_submodule::File::update() Enables Arbitrary Command Execution via .gitmodules

7.8CVSS5.9AI score

Exploits0References2

OSV•added 2026/04/25 11:41 p.m.•0 views

GHSA-X2QX-6953-8485 GitPython: Unsafe option check validates multi_options before shlex.split transformation

Summary clone validates multioptions as the original list, then executes shlex.split" ".joinmultioptions. A string like "--branch main --config core.hooksPath=/x" passes validation starts with --branch, but after split becomes "--branch", "main", "--config", "core.hooksPath=/x". Git applies the...

8.1CVSS6AI score0.00029EPSS

Exploits1References5

Positive Technologies•added 2026/04/25 12:0 a.m.•3 views

PT-2026-37191

Name of the Vulnerable Software and Affected Versions GitPython versions prior to 3.1.47 Description GitPython is a Python library used to interact with Git repositories. The clone function validates the multi options variable as an original list but then executes shlex.split" ".joinmulti options...

9.8CVSS5.9AI score0.00021EPSS

Exploits1References23

Tenable Nessus•added 2026/04/11 12:0 a.m.•1 views

Fedora 45 : micropython (2026-d619d8d077)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d619d8d077 advisory. Automatic update for micropython-1.28.0-1.fc45. Changelog Mon Apr 6 2026 Lumr Balhar - 1.28.0-1 - Update to 1.28.0 - Security fix for CVE-2026-1998 ...

7.8CVSS6.2AI score0.00428EPSS

Exploits4References10

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-9219

Malware in sbrugna...

9.3CVSS8.6AI score0.01562EPSS

Exploits1References15

SUSE CVE•added 2024/02/29 3:36 a.m.•1 views

SUSE CVE-2024-27099

The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect AMQPVALUE failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987...

8.1CVSS7AI score0.01498EPSS

Exploits0References4

NVD•added 2024/02/27 7:4 p.m.•17 views

CVE-2024-27099

9.8CVSS9.5AI score0.01498EPSS

Exploits0References2

OSV•added 2024/02/27 7:4 p.m.•1 views

DEBIAN-CVE-2024-27099

9.8CVSS7.5AI score0.01498EPSS

Exploits0References1

OSV•added 2024/02/27 7:4 p.m.•1 views

AZL-35447 CVE-2024-27099 affecting package azure-iot-sdk-c for versions less than 2022.01.21-3

9.8CVSS6.9AI score0.01498EPSS

Exploits0References1

OSV•added 2024/02/27 7:4 p.m.•1 views

UBUNTU-CVE-2024-27099

9.8CVSS5.8AI score0.01498EPSS

Exploits0References4

Debian CVE•added 2024/02/27 6:58 p.m.•15 views

CVE-2024-27099

9.8CVSS7.5AI score0.01498EPSS

Exploits0

SUSE CVE•added 2024/02/14 3:56 a.m.•1 views

SUSE CVE-2024-25110

The UAMQP is a general purpose C library for AMQP 1.0. During a call to opengetofferedcapabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule...

7.5CVSS8.2AI score0.00739EPSS

Exploits0References4

OSV•added 2024/02/12 7:58 p.m.•25 views

CVE-2024-25110 Azure IoT Platform Device SDK Remote Code Execution Vulnerability

9.8CVSS8.3AI score0.00739EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by