2026-04-26 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | title | GithubURL | |
|---|---|---|---|---|---|---|---|
| CVE-2026-6951 | n/a - simple-git | Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221) that blocks the -c option but not the equivalent –config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still achieve remote code execution by enabling protocol.ext.allow=always and using an ext:: clone source. | CVSS3.1: 9.8 - CRITICAL CVSS4.0: 9.2 - CRITICAL | 0 1 2 | Exploitation: pocAutomatable: yesTechnical Impact: total | undefined | github |
This post is licensed under CC BY 4.0 by the author.