60 matches found
CVE-2025-54586 GitProxy is susceptible to a hidden commits injection attack
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visib...
CVE-2025-54586
GitProxy
CVE-2025-54585
GitProxy (versions ≤ 1.19.1) is vulnerable to a new-branch approval exploit: nearby commits on a parent branch can be pushed without proper approval due to how new branches are detected (uses a zero-hash check). The issue requires only regular push access and no extra user interaction, but it doe...
CVE-2025-54585 GitProxy is vulnerable to a new branch approval exploit
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations...
PT-2025-31443 · Gitproxy · Git-Proxy
Name of the Vulnerable Software and Affected Versions: GitProxy versions 1.19.1 and below. Description: GitProxy is an application that acts as an intermediary between developers and a Git remote endpoint. A crafted malicious Git packfile can exploit the PACK signature detection in the parsePush.t...
CVE-2017-20186
UNSUPPORTED WHEN ASSIGNED. A vulnerability was found in nikooo777 ckSurf up to 1.19.2. It has been declared as problematic. This vulnerability affects the function SpecListMenuDead of the file csgo/addons/sourcemod/scripting/ckSurf/misc.sp of the component Spectator List Name Handler. The...
WordPress plugin Popup Maker security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Popup Maker plugin <= 1.19.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Popup Maker versions <= 1.19.2...
CVE-2024-1931
NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contains a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's...
ckSurf security vulnerability
ckSurf is a CSGO timer by Niko Personal Developer. A security vulnerability exists in ckSurf version 1.19.2, which stems from a security issue in the SpecListMenuDead function in csgo/addons/sourcemod/scripting/ckSurf/misc.sp in the component Spectator List Name Handler, which causes a denial of...
Denial of Service (DoS)
Overview: apple/swift-nio-http2 provides HTTP/2 support for SwiftNIO. Affected versions of this package are vulnerable to Denial of Service (DoS). This can be caused by a network peer sending ALTSVC or ORIGIN frames, due to a logical error after frame parsing but before frame handling. Details: Denial of...
Integer Overflow or Wraparound
Overview: apple/swift-nio-http2 provides HTTP/2 support for SwiftNIO. Affected versions of this package are vulnerable to Integer Overflow or Wraparound. This can result in a DoS, caused by a network peer sending a specially crafted HPACK-encoded header block. Remediation: Upgrade apple/swift-nio-http2...
CVE-2021-36222 affecting package krb5 for versions less than 1.19.2-1
CVE-2021-36222 affecting package krb5 for versions less than 1.19.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-22957
A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account. This vulnerability is fixed in UniFi Protect applicati...
PT-2021-15297 · Ubiquiti · Unifi Protect
Name of the Vulnerable Software and Affected Versions: UniFi Protect versions 1.19.2 and earlier. Description: A Cross-Origin Resource Sharing (CORS) issue allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over the user's account. Recommendation...
Security fix for the ALT Linux 10 package krb5 version 1.19.2-alt1
1.19.2-alt1 built July 26, 2021 Ivan A. Melnikov in task 280684 --- July 25, 2021 Ivan A. Melnikov - 1.19.2 Fixes: CVE-2021-36222...
PT-2021-3744 · Oracle +11 · Mysql Server +10
Name of the Vulnerable Software and Affected Versions: MIT Kerberos 5 (krb5) versions prior to 1.18.4; MIT Kerberos 5 (krb5) versions 1.19.x prior to 1.19.2; MySQL Server versions 8.0.26 and earlier. Description: The issue is related to a NULL pointer dereference in the Key Distribution Center (KDC)...
MediaWiki Multiple Vulnerabilities (Aug 2012) - Windows
MediaWiki is prone to multiple vulnerabilities.
UBUNTU-CVE-2017-13089
The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then...
DEBIAN-CVE-2012-4382
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt...