Lucene search
K

42 matches found

NVD
NVD
added 2026/06/25 5:16 p.m.7 views

CVE-2026-55092

Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a...

7.5CVSS0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 12:59 p.m.10 views

CVE-2026-42099 Race Condition in Sparx Pro Cloud Server

Sparx Pro Cloud Server is vulnerable to a Race Condition in the /dataapi/dlinternalartifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves loaded content in current location DIR under the specified name. An attacker with repository access...

7.7CVSS6.2AI score0.00724EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/04/20 12:31 a.m.118 views

Exploit for Command Injection in Paloaltonetworks Pan-Os

CVE-2024-3400 Author: wa6n3r | GitHubhttps://github...

10CVSS7.6AI score0.99999EPSS
Exploits43
OSV
OSV
added 2026/04/07 1:16 p.m.7 views

PYSEC-2026-94

MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to...

4.3CVSS5.8AI score0.00362EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2026/04/07 12:57 p.m.1 views

CVE-2026-33866 Authorization Bypass in MLflow AJAX Endpoint

MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to...

5.3CVSS5.9AI score0.00362EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-3409

Malicious code in bioql PyPI...

6.3CVSS6.2AI score0.00633EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-34759

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.0082EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-1024

Malicious code in bioql PyPI...

5.9CVSS5.8AI score0.00863EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-2501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacke...

7.5CVSS7.3AI score0.0082EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:8 a.m.9 views

CVE-2022-2501

An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required...

7.5CVSS6.5AI score0.0082EPSS
Exploits0References1
NVD
NVD
added 2025/04/18 9:15 p.m.34 views

CVE-2025-32953

z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the makefile-ubuntu.yml workflow file uses actions/upload-artifact@v4 to upload the z80pack-ubuntu artifact. This artifact is a zip of the current directory, which includes the automatically...

8.7CVSS0.00469EPSS
Exploits0References5
OSV
OSV
added 2025/04/18 8:42 p.m.11 views

CVE-2025-32953 z80pack Vulnerable to Exposure of the GITHUB_TOKEN in Workflow Run Artifact

z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the makefile-ubuntu.yml workflow file uses actions/upload-artifact@v4 to upload the z80pack-ubuntu artifact. This artifact is a zip of the current directory, which includes the automatically...

8.7CVSS7.1AI score0.00469EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/12/21 12:0 a.m.8 views

CBL Mariner 2.0 Security Update: gh (CVE-2024-54132)

The version of gh installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-54132 advisory. - The GitHub CLI is GitHub's official command line tool. A security vulnerability has been identified in GitHub CL...

6.3CVSS5.5AI score0.00633EPSS
Exploits0References2
Veracode
Veracode
added 2024/12/16 6:39 a.m.8 views

Directory Traversal

The github.com/cli/cli is vulnerable to a Directory Traversal. The vulnerability is due to improper handling of artifact names during download when using the gh run download command. Specifically, if a malicious GitHub Actions workflow artifact is named .., the files within the artifact are...

6.3CVSS6.1AI score0.00633EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/12/04 3:32 p.m.12 views

GHSA-2M9H-R57G-45PJ Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability

Summary A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. Details This vulnerability stems from a GitHub Actions workflow artifact name...

6.3CVSS5.8AI score0.00633EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/29 12:0 a.m.4 views

PT-2024-9531

Name of the Vulnerable Software and Affected Versions GitHub CLI versions prior to 2.63.1 Description A security issue has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run...

8.1CVSS7.3AI score0.03001EPSS
Exploits3References44
Github Security Blog
Github Security Blog
added 2024/10/01 6:13 p.m.29 views

Incorrect delegation lookups can make go-tuf download the wrong artifact

During the ongoing work on the TUF conformance test suite, we have come across a test that reveals what we believe is a bug in go-tuf with security implications. The bug exists in go-tuf delegation tracing and could result in downloading the wrong artifact. We have come across this issue in the...

8.2CVSS6.8AI score0.00507EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2024/08/21 3:11 p.m.9 views

GO-2022-0600 HashiCorp Nomad Artifact Download Race Condition in github.com/hashicorp/nomad

HashiCorp Nomad Artifact Download Race Condition in github.com/hashicorp/nomad...

5.9CVSS5.6AI score0.00863EPSS
Exploits0References7
Amazon
Amazon
added 2024/01/22 12:0 a.m.31 views

Important: apache-ivy

Issue Overview: When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which ar...

7.5CVSS8.1AI score0.01596EPSS
Exploits0
OSV
OSV
added 2023/12/04 6:30 p.m.32 views

GHSA-GQJ2-324P-VX73 Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download

Microcks up to version 1.17.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...

9.8CVSS9.2AI score0.01005EPSS
Exploits1References4
Rows per page
Query Builder