Lucene search
K

783 matches found

Github Security Blog
Github Security Blog
added 2026/03/24 4:4 p.m.5 views

sbt: Source dependency feature (via crafted VCS URL) leads to arbitrary code execution on Windows

Summary On Windows, sbt uses Process"cmd", "/c", ... to run VCS commands git, hg, svn. The URI fragment branch, tag, revision is user-controlled via the build definition and passed to these commands without validation. Because cmd /c interprets &, |, and ; as command separators, a malicious...

7.8CVSS6.2AI score0.00304EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.10 views

PT-2026-27306

sbt 1.12.7 is released, featuring a security fix for CVE-2026-32948, Source dependency feature via crafted VCS URL leading to arbitrary code execution on Windows...

6.4AI score0.00304EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/13 9:31 p.m.6 views

EUVD-2026-11748

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret...

6.9CVSS5.8AI score0.00274EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/13 1:18 a.m.2 views

CVE-2026-22203 wpDiscuz before 7.6.47 - Options Export Leaks OAuth Secrets in Plaintext

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret...

6.9CVSS5.8AI score0.00274EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/13 1:18 a.m.25 views

CVE-2026-22203 wpDiscuz before 7.6.47 - Options Export Leaks OAuth Secrets in Plaintext

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret...

6.9CVSS0.00274EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/13 1:18 a.m.9 views

CVE-2026-22203

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret...

6.9CVSS5.8AI score0.00274EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.7 views

PT-2026-25143

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret...

6.9CVSS5.8AI score0.00274EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.3 views

Malicious Package

Overview transform-simplify-comparison-operators is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it...

9.8CVSS5.9AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/11 5:17 p.m.4 views

CVE-2026-31862

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync with string interpolation of user-controlled parameters file, branch, message, commit, allowing authenticated attackers to...

9.1CVSS6AI score0.00437EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/05 10:16 p.m.6 views

CVE-2026-28484

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

0.00049EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.10 views

PT-2026-23485

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.2 Description Gogs, a self-hosted Git service, has an issue where deleting a release can fail due to improper handling of user-controlled tag names passed to Git. Specifically, if a tag name begins with a dash, it c...

9.9CVSS5.9AI score0.01093EPSS
Exploits26References142
CNVD
CNVD
added 2026/02/05 12:0 a.m.7 views

Google Go Code Execution Vulnerability (CNVD-2026-10650)

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to an insecure construction of external VCS commands when handling untrusted module sources or malicious version strings in...

7CVSS6.9AI score0.00335EPSS
Exploits0References1
Fedora
Fedora
added 2026/02/04 2:11 a.m.6 views

[SECURITY] Fedora 43 Update: python-jupytext-1.19.1-1.fc43

Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...

8.2CVSS5.9AI score0.01535EPSS
Exploits0
Fedora
Fedora
added 2026/02/04 2:5 a.m.7 views

[SECURITY] Fedora 42 Update: python-jupytext-1.19.1-1.fc42

Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...

8.2CVSS5.9AI score0.01535EPSS
Exploits0
CVE
CVE
added 2026/01/28 7:30 p.m.48 views

CVE-2025-68119

CVE-2025-68119 describes local code execution and arbitrary-file writes when downloading/building modules with malicious version strings in environments where external VCS tools are present. Specifically: on systems with Mercurial (hg), downloading modules from non-standard sources (e.g., custom ...

7CVSS7.8AI score0.00335EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/01/28 7:30 p.m.5 views

EUVD-2025-206446

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

7CVSS6.4AI score0.00335EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/28 7:30 p.m.4 views

CVE-2025-68119 Unexpected code execution when invoking toolchain in cmd/go

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

6.4AI score0.00335EPSS
Exploits0References4
OSV
OSV
added 2026/01/28 7:7 p.m.6 views

GO-2026-4338 Unexpected code execution when invoking toolchain in cmd/go

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

7CVSS6.3AI score0.00335EPSS
Exploits0References3
OSV
OSV
added 2026/01/09 2:11 p.m.10 views

CLSA-2026-1767950442 git: Fix of CVE-2024-32021

CVE-2024-32021: checking whether the hardlinked destination file matches the source file and abort in case it doesn't...

7.1CVSS7.3AI score0.00956EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.19 views

CVE-2024-41673

Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8...

7.1CVSS5.8AI score0.004EPSS
Exploits0References1
Rows per page
Query Builder