1799 matches found
CVE-2026-22816 Gradle fails to disable repositories which can expose builds to malicious artifacts
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...
Gradle security vulnerabilities
Gradle is a project build tool based on the JVM, developed by the American company Gradle Inc. It supports Maven, Ivy repositories, etc. Versions of Gradle prior to 9.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that certain exceptions were not treated as...
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
A critical misconfiguration in Amazon Web Services AWS CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk. The vulnerability has been codenamed CodeBreach by cloud security...
CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild
Wiz Research discovered a critical supply chain vulnerability that abused a CodeBuild misconfiguration to take over key AWS GitHub repositories - including the JavaScript SDK powering the AWS Console...
Model Security Is the Wrong Frame – The Real Risk Is Workflow Security
As AI copilots and assistants become embedded in daily work, security teams are still focused on protecting the models themselves. But recent incidents suggest the bigger risk lies elsewhere: in the workflows that surround those models. Two Chrome extensions posing as AI helpers were recently...
CVE-2026-0600
Server-Side Request Forgery SSRF vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy repository configuration. An attacker can access internal network resources and cloud metadata endpoints by configuring proxy repositories with malicious URLs. This is only exploitable if t...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy repository configuration. An attacker can access internal network resources and cloud metadata endpoints by configuring proxy repositories with malicious URLs. This is only exploitable if t...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy repository configuration. An attacker can access internal network resources and cloud metadata endpoints by configuring proxy repositories with malicious URLs. This is only exploitable if t...
CVE-2026-0600 Nexus Repository 3 - Server-Side Request Forgery in Proxy Repository Configuration
Server-Side Request Forgery SSRF vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...
CVE-2026-0600
CVE-2026-0600 is a Server-Side Request Forgery (SSRF) vulnerability affecting Sonatype Nexus Repository 3.x (3.0.0 and later). The issue allows authenticated administrators who configure proxy repositories to set URLs that can reach unintended network destinations, including cloud metadata servic...
CLSA-2026-1768395600 Fix CVE(s): CVE-2024-32004
SECURITY UPDATE: Ownership checks for local repositories - debian/patches/CVE-2024-32004.patch: add fix for ownership check in local repositories - CVE-2024-32004...
MiracleLinux 7 : git-1.8.3.1-25.0.5.el7.AXS7 (AXSA:2025-10788:12)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10788:12 advisory. CVE-2025-27613: fix issue where untrusted repositories could create and truncate files, with the fix implemented in versions 2.43.7 and later CVEs:...
MiracleLinux 7 : git-1.8.3.1-25.0.6.el7.AXS7 (AXSA:2025-10998:13)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10998:13 advisory. CVE-2025-46835: prevent malicious creating and overwriting of user's files CVEs: CVE-2025-46835 Git GUI allows you to use the Git source control management...
CVE-2020-10516
An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior t...
Malicious Package
Overview rt-qa-sampler is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators
Security teams are still catching malware. The problem is what they're not catching. More attacks today don't arrive as files. They don't drop binaries. They don't trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access,...
CVE-2025-64419 Coolify vulnerable to command injection via docker-compose.yaml parameters
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...
[SECURITY] Fedora 43 Update: gitleaks-8.30.0-1.fc43
Scan git repos or files for secrets using regex and entropy...
CVE-2026-21436
eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by --destdir. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be installed in the path given...