Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/21 12:39 p.m.5 views

Malicious code in nikou-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4634b70c99dd84c499d573350a00e86b09e8caaf34786d60b118ce12c64b426 utils/BotClient.js hardcodes a Feishu/Lark appId clia88b12e0b9b51013 and appSecret aBRv7CbiWuL7csrMavfLvc5sMW5B4Ky7 as default constructor values,...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/23 11:20 p.m.1 views

CVE-2026-40161

A flaw was found in Tekton Pipelines. A tenant with permissions to create TaskRun or PipelineRun resources can exploit this vulnerability. By omitting the Git API token parameter and pointing the serverURL to an attacker-controlled endpoint, the system-configured Git API token such as a GitHub...

7.7CVSS5.7AI score0.00037EPSS
Exploits0References6
EUVD
EUVDadded 2026/04/21 6:52 p.m.1 views

EUVD-2026-24165

Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL...

7.7CVSS5.7AI score0.00037EPSS
Exploits0References4
NVD
NVDadded 2026/04/21 5:16 p.m.1 views

CVE-2026-40161

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL...

7.7CVSS0.00037EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/01/09 9:18 a.m.5 views

CVE-2021-22236

Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1...

8.8CVSS6.4AI score0.00225EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 6:15 a.m.5 views

CVE-2018-1000196

A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlabnotifier.rb, views/gitlabnotifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser e.g. malicious...

6.5CVSS6.2AI score0.00096EPSS
Exploits0References1
CNVD
CNVDadded 2018/06/07 12:0 a.m.2 views

CloudBees Jenkins Gitlab Hook Plugin Information Disclosure Vulnerability

CloudBees Jenkins is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . Gitlab Hook Plugin is used in one of...

6.5CVSS6.5AI score0.00096EPSS
Exploits0References1
NVD
NVDadded 2018/06/05 9:29 p.m.9 views

CVE-2018-1000196

A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlabnotifier.rb, views/gitlabnotifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser e.g. malicious...

6.5CVSS6.3AI score0.00096EPSS
Exploits0References1
Rows per page
Query Builder