Lucene search
K

19 matches found

Friends Of PHP
Friends Of PHP
added 2026/04/17 12:52 p.m.9 views

Argument injection via newline in PHP INI values forwarded to child processes

Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...

7.8CVSS6.6AI score0.00343EPSS
Exploits0Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2026/02/24 12:0 a.m.6 views

Security update for phpunit (important)

openSUSE Security Update: Security update for phpunit Announcement ID: openSUSE-SU-2026:0061-1 Rating: important References: 1257381 Cross-References: CVE-2026-24765 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This update...

7.8CVSS5.5AI score0.00343EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/06 12:0 a.m.3 views

Fedora 42 : phpunit8 (2026-8a7678fa99)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8a7678fa99 advisory. Version 8.5.52 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE attacks using prepared .coverage files in pull requests, a PHPT test will no...

7.8CVSS5.6AI score0.00343EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/06 12:0 a.m.3 views

Fedora 42 : phpunit11 (2026-c3b42a28dd)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-c3b42a28dd advisory. Version 11.5.50 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE attacks using prepared .coverage files in pull requests, a PHPT test will no...

7.8CVSS5.5AI score0.00343EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.2 views

Fedora 43 : phpunit8 (2026-dad4e31f49)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dad4e31f49 advisory. Version 8.5.52 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE attacks using prepared .coverage files in pull requests, a PHPT test will no...

7.8CVSS5.6AI score0.00343EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.4 views

Fedora 43 : phpunit11 (2026-8ccfe50c58)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8ccfe50c58 advisory. Version 11.5.50 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE attacks using prepared .coverage files in pull requests, a PHPT test will no...

7.8CVSS5.6AI score0.00343EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.3 views

Fedora 43 : phpunit9 (2026-8d8a292bba)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8d8a292bba advisory. Version 9.6.34 - 2026-01-27 Fixed Regression introduced in PHPUnit 9.6.33 ---- Version 9.6.33 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE...

7.8CVSS5.6AI score0.00343EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2024-41606

Malicious code in bioql PyPI...

9.9CVSS6.6AI score0.00769EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 10:34 a.m.5 views

CVE-2024-45798

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...

9.9CVSS7.6AI score0.00769EPSS
Exploits0
NVD
NVD
added 2024/09/17 7:15 p.m.35 views

CVE-2024-45798

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...

9.9CVSS0.00769EPSS
Exploits0References5
OSV
OSV
added 2024/09/17 6:8 p.m.4 views

CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...

9.9CVSS8.2AI score0.00769EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/09/17 6:8 p.m.20 views

CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...

9.9CVSS7.6AI score0.00769EPSS
Exploits0References5
CVE
CVE
added 2024/09/17 6:8 p.m.56 views

CVE-2024-45798

The CVE-2024-45798 entry concerns the arduino-esp32 Arduino core for ESP32/variants. The connected documents describe multiple Poisoned Pipeline Execution (PPE) vulnerabilities in the CI workflow, specifically code injection in tests_results.yml (GHSL-2024-169) and environment variable injection ...

9.9CVSS9.9AI score0.00769EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/09/17 12:0 a.m.5 views

PT-2024-31779 · Arduino · Arduino-Esp32

Name of the Vulnerable Software and Affected Versions: arduino-esp32 affected versions not specified Description: The issue concerns multiple Poisoned Pipeline Execution PPE vulnerabilities in the arduino-esp32 CI, including code injection in the tests results.yml workflow and environment variabl...

9.9CVSS8AI score0.00769EPSS
Exploits0References11
NVD
NVD
added 2024/08/02 3:16 p.m.29 views

CVE-2024-41127

Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the...

9.6CVSS0.00825EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/08/02 2:46 p.m.41 views

CVE-2024-41127 Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access.

Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the...

8.3CVSS0.00825EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/08/02 2:46 p.m.36 views

CVE-2024-41127 Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access.

Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the...

8.3CVSS7.6AI score0.00825EPSS
Exploits1References3
CVE
CVE
added 2024/08/02 2:46 p.m.39 views

CVE-2024-41127

CVE-2024-41127 affects Monkeytype via its GitHub Actions workflow ci-failure-comment.yml. A vulnerability in the workflow’s handling of the artifact variable (./pr_num/pr_num.txt) allows interpolation into a JS script after the value is not validated as a number, enabling an attacker to gain writ...

9.6CVSS8.6AI score0.00825EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/17 12:0 a.m.5 views

PT-2024-29282 · Unknown · Monkeytype

Name of the Vulnerable Software and Affected Versions: Monkeytype versions prior to 24.30.0 Description: The issue concerns a Poisoned Pipeline Execution through Code Injection in the ci-failure-comment.yml GitHub Workflow of Monkeytype. This vulnerability allows attackers to gain pull-requests...

9.6CVSS7.7AI score0.00825EPSS
Exploits1References10
Rows per page
Query Builder