CloudPirates Open Source Helm Charts Code Injection Vulnerability
CloudPirates Open Source Helm Charts is a collection of Helm Charts for cloud-native applications, developed by CloudPirates.io. Previous versions of CloudPirates Open Source Helm Charts had a code injection vulnerability. This vulnerability stemmed from GitHub Actions workflows exposing sensitiv...
CVE-2026-29872
The CVE-2026-29872 issue affects the awesome-llm-apps project, specifically a Streamlit-based GitHub MCP Agent. The underlying problem is storing user-provided API tokens in process-wide environment variables via os.environ without proper session isolation, allowing cross-session information disc...
CVE-2025-1198
An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results...
Docker Desktop < 4.54.0 Sensitive Data Leakage
The version of Docker Desktop is prior to 4.54.0. It is therefore affected by a data leakage vulnerability. Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported...
CVE-2025-13743
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
EUVD-2025-202325
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2025-13743 Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
Code to Cloud Attacks: From GitHub PAT to Cloud Control Plane
How attackers are leveraging compromised employee GitHub Personal Access Tokens to compromise cloud environments...
EUVD-2017-9974
Malware in sbrugna...
EUVD-2023-54186
Malicious code in bioql PyPI...
EUVD-2025-2071
Malicious code in bioql PyPI...
EUVD-2023-1492
Malicious code in bioql PyPI...
EUVD-2022-7767
Malicious code in bioql PyPI...
EUVD-2024-26086
Malicious code in bioql PyPI...
EUVD-2025-20874
Malicious code in bioql PyPI...
Mozilla: User Can Delete Other Users' Personal Access Tokens at /delete-token/{token_id}/ on Mozilla Pontoon
A vulnerability was discovered in the Mozilla Pontoon application that allowed users to delete other users' personal access tokens at the /delete-token/{token_id}/ endpoint without proper permission checks. The vulnerability was caused by the absence of user permission verification in the deletetoke...
GHSA-X6GV-2RVH-QMP6 m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials
Summary: The steam-workshop-deploy GitHub action does not exclude the .git directory when packaging content for deployment and provides no built-in way to do so. If a .git folder exists in the target directory, e.g., due to a local Git repo, custom project structure, or via the actions/checkout...
m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials
Summary: The steam-workshop-deploy GitHub action does not exclude the .git directory when packaging content for deployment and provides no built-in way to do so. If a .git folder exists in the target directory, e.g., due to a local Git repo, custom project structure, or via the actions/checkout...
PT-2025-34541 · GitHub Actions · Boldestdungeon/Steam-Workshop-Deploy +1
Summary: The steam-workshop-deploy GitHub action does not exclude the .git directory when packaging content for deployment and provides no built-in way to do so. If a .git folder exists in the target directory, e.g., due to a local Git repo, custom project structure, or via the actions/checkout...