Lucene search
K

28 matches found

CVE
CVE
added yesterday8 views

CVE-2026-48192

CVE-2026-48192 affects Mendix Studio Pro across multiple versions (10.x and 11.x) with a flaw where built project files are not properly validated/sanitized during the build pipeline. An attacker could trick a user into opening and running a specially crafted malicious project locally, potentiall...

6.8CVSS6.1AI score
Exploits0References1
Snyk
Snyk
added 2026/05/11 9:0 p.m.8 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.15 views

PT-2026-37196

Name of the Vulnerable Software and Affected Versions pyp2spec versions prior to 0.14.1 Description pyp2spec writes PyPI package metadata, such as the summary field, into generated spec files without escaping RPM macro directives. When a packager uses tools like rpmbuild -bs, rpmbuild --nobuild, ...

7.8CVSS6.2AI score0.00197EPSS
Exploits0References8
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/23 12:0 a.m.9 views

melange has Path Traversal via .PKGINFO in --persist-lint-results

melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and pkgname values read from the .PKGINFO control file of the APK being linted. In affected versions these values were not validate...

4.4CVSS5.9AI score0.00172EPSS
Exploits0References4Affected Software1
Wiz blog
Wiz blog
added 2026/04/20 12:0 p.m.6 views

From Code to Pipeline: Wiz Code Now Secures Your Build Environment

Threat actors have moved upstream, and while security teams have focused on the code developers write, the systems that build and deliver that code have remained a blind spot...

5.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/02/07 12:24 a.m.5 views

SUSE CVE-2026-24844

melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in...

8.8CVSS5.7AI score0.00176EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3658

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00735EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/29 8:36 p.m.5 views

CVE-2025-34212 Vasion Print (formerly PrinterLogic) Insecure Build Pipeline

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 VA/SaaS deployments possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature...

8.7CVSS8.1AI score0.00627EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/09/29 8:36 p.m.10 views

CVE-2025-34212 Vasion Print (formerly PrinterLogic) Insecure Build Pipeline

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 VA/SaaS deployments possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature...

8.7CVSS0.00627EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/02/05 2:47 p.m.19 views

CVE-2020-15123

In codecov npm package before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE CVE-2020-7597 for GHSA-5q88-cjfq-g2mh was...

9.3CVSS7.4AI score0.03805EPSS
Exploits2
NVD
NVD
added 2024/11/19 4:15 p.m.11 views

CVE-2024-52582

Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This...

4.7CVSS0.00179EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:24 p.m.5 views

Malicious code in Be.Vlаanderen.Bаsisregisters.Build.Pipeline (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/06/25 1:24 p.m.6 views

MAL-2024-4292 Malicious code in Be.Vlаanderen.Bаsisregisters.Build.Pipeline (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:24 p.m.4 views

Malicious code in Be.Vlаanderen.Bаsisregіsters.Buіld.Pipeline (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/06/25 1:24 p.m.7 views

MAL-2024-4293 Malicious code in Be.Vlаanderen.Bаsisregіsters.Buіld.Pipeline (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/24 4:52 p.m.29 views

Jenkins Build Pipeline Plugin vulnerable to Cross-site Scripting

Build Pipeline Plugin does not properly escape variables in views, resulting in a stored cross-site scripting vulnerability exploitable by users with permission to configure build pipelines. This vulnerability is only exploitable on Jenkins releases older than 2.146 or 2.138.2 due to the security...

5.4CVSS1.2AI score0.00735EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 4:52 p.m.22 views

GHSA-CX5R-P4VJ-2MQH Jenkins Build Pipeline Plugin vulnerable to Cross-site Scripting

Build Pipeline Plugin does not properly escape variables in views, resulting in a stored cross-site scripting vulnerability exploitable by users with permission to configure build pipelines. This vulnerability is only exploitable on Jenkins releases older than 2.146 or 2.138.2 due to the security...

5.4CVSS5.2AI score0.00735EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/05/14 2:43 a.m.5 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +2157 more potentially affected by CVE-2010-3700 via org.acegisecurity:acegi-security (>=1.0.0 <=1.0.7)

org.acegisecurity:acegi-security MAVEN version =1.0.0, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.1, =0.1.0, =1.0, =1.17.3 and more Source cves: CVE-2010-3700 Source advisory: OSV:GHSA-3295-H9QX-R82X...

5CVSS5.8AI score0.01673EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2020/07/20 6:15 p.m.3 views

CVE-2020-15123

In codecov npm package before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE CVE-2020-7597 for GHSA-5q88-cjfq-g2mh was...

9.3CVSS5.7AI score0.03805EPSS
Exploits2References6Affected Software1
Prion
Prion
added 2020/07/20 6:15 p.m.20 views

Command injection

In codecov npm package before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE CVE-2020-7597 for GHSA-5q88-cjfq-g2mh was...

6.8CVSS9.2AI score0.03805EPSS
Exploits2References5Affected Software1
Rows per page
Query Builder