Lucene search
+L

789 matches found

The Hacker News
The Hacker News
added 3 days ago9 views

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it does as you, with your source, your SSH keys and your cloud...

6.5AI score
Exploits0
NVD
NVD
added 2026/07/10 3:16 p.m.6 views

CVE-2026-59793

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration...

8.8CVSS0.00343EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 2:18 p.m.16 views

CVE-2026-59793

CVE-2026-59793 affects JetBrains TeamCity prior to version 2026.1.2. The issue allows arbitrary file access via the Perforce VCS integration, due to the Perforce VCS integration component. Impact is described as high for confidentiality, integrity, and availability. The CVSS vector indicates netw...

8.8CVSS6.2AI score0.00343EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/06 9:16 p.m.8 views

CVE-2026-14468

HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in ...

7.7CVSS0.00295EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 8:59 p.m.7 views

EUVD-2026-41946

HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in ...

7.7CVSS6AI score0.00295EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:59 p.m.5 views

CVE-2026-14468

HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in ...

7.7CVSS6AI score0.00295EPSS
Exploits0References2Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2026/07/06 8:55 p.m.7 views

Terraform Enterprise vulnerable to arbitrary file read

Summary HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository...

7.7CVSS6.1AI score0.00295EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/07/01 11:5 p.m.77 views

CVE-2026-14439

CVE-2026-14439 describes a path-traversal in the Git Service shared by Altium Enterprise Server and Altium 365. The vulnerability arises from a post-clone file-manipulation primitive that accepts user-supplied paths without validation, enabling an authenticated user with basic git access to move ...

9.4CVSS6.5AI score0.00601EPSS
Exploits0References1
Fedora
Fedora
added 2026/07/01 1:22 a.m.9 views

[SECURITY] Fedora 43 Update: python-jupytext-1.19.4-1.fc43

Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...

7.5CVSS5.7AI score0.00782EPSS
Exploits2
Fedora
Fedora
added 2026/07/01 1:2 a.m.9 views

[SECURITY] Fedora 44 Update: python-jupytext-1.19.4-1.fc44

Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...

7.5CVSS5.7AI score0.00782EPSS
Exploits2
CVE
CVE
added 2026/06/24 5:33 p.m.27 views

CVE-2026-48719

Warp, versions 0.2025.08.06.08.12.stable_00 through 0.2026.05.06.15.42.stable_01, contains a command injection in the prompt branch selector. If a user can publish a branch to a Git repository opened in Warp, a crafted branch name can be interpreted by the victim's shell when the branch is select...

8CVSS5.8AI score0.00948EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:50 p.m.12 views

Malicious code in security-alerts-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f881805b709189d00bc52dc57c407bfecdae44fb343f92634a301c31525f6b0 Despite advertising itself as a breach-monitoring SDK, this package executes a remote-access trojan and credential harvester against any installer th...

6AI score
Exploits0References5
EUVD
EUVD
added 2026/06/20 4:43 p.m.14 views

EUVD-2026-38128

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commitsha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

9.9CVSS8.2AI score0.00874EPSS
Exploits3References1
Snyk
Snyk
added 2026/06/17 1:55 p.m.5 views

Creation of Temporary File in Directory with Insecure Permissions

Overview @mariozechner/pi-coding-agent is a Coding agent CLI with read, bash, edit, write tools and session management Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions in the process handling temporary extension package installs...

7.3CVSS6.3AI score0.00115EPSS
Exploits0References2
Fedora
Fedora
added 2026/06/17 8:26 a.m.22 views

[SECURITY] Fedora 43 Update: ack-3.10.0-1.fc43

Ack is a grep-like search tool designed for use with large heterogeneous trees of source code. It searchs recursively and ignores common version control directories...

5.3AI score
Exploits0
Fedora
Fedora
added 2026/06/16 1:3 a.m.16 views

[SECURITY] Fedora 44 Update: ack-3.10.0-1.fc44

Ack is a grep-like search tool designed for use with large heterogeneous trees of source code. It searchs recursively and ignores common version control directories...

5.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45331

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validateurl in backend/openwebui/retrieval/web/utils.py calls validators.ipv6ip, private=True, but the validators library does NOT implement the private keyword for IPv6 — the call...

8.5CVSS5.4AI score0.00286EPSS
Exploits1References1
NVD
NVD
added 2026/06/05 7:16 p.m.18 views

CVE-2026-46399

HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CM...

9.4CVSS0.00291EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/06/05 3:53 p.m.42 views

K000161612: Golang vulnerabilities CVE-2025-4674 and CVE-2025-61724

Security Advisory Description CVE-2025-4674 The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contai...

8.6CVSS6.8AI score0.00526EPSS
Exploits0
OSV
OSV
added 2026/06/05 3:48 p.m.12 views

OESA-2026-2542 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 20.2.2 Release: 4 Summary: A...

8.2CVSS6.6AI score0.00527EPSS
Exploits0References3
Rows per page
Query Builder