|
1841
|
- |
|
-
|
-
|
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in …
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-45570
|
2026-05-30 00:42 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1842
|
5.4 |
MEDIUM
Network
|
-
|
-
|
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside…
|
CWE-22
Path Traversal
|
CVE-2026-45571
|
2026-05-30 00:42 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1843
|
- |
|
-
|
-
|
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit o…
|
CWE-180
CWE-345
Incorrect Behavior Order: Validate Before Canonicalize
Insufficient Verification of Data Authenticity
|
CVE-2026-45022
|
2026-05-30 00:42 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1844
|
- |
|
-
|
-
|
Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase, we implemented `allowed-origins` and `allowed-hosts` flags to align with MCP security guidelines. Howev…
|
CWE-942
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-9739
|
2026-05-30 00:42 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1845
|
5.3 |
MEDIUM
Network
|
-
|
-
|
opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggag…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-45292
|
2026-05-30 00:42 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1846
|
- |
|
-
|
-
|
A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic sign…
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2026-9037
|
2026-05-30 00:42 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1847
|
- |
|
-
|
-
|
A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-9038
|
2026-05-30 00:42 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1848
|
- |
|
-
|
-
|
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The se…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2026-9039
|
2026-05-30 00:42 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1849
|
5.0 |
MEDIUM
Local
|
-
|
-
|
GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-read…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-44972
|
2026-05-30 00:39 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1850
|
- |
|
-
|
-
|
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-32996
|
2026-05-30 00:39 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
