Lucene search
K

1799 matches found

OSV
OSV
added 2026/01/16 10:45 p.m.5 views

CVE-2026-22816 Gradle fails to disable repositories which can expose builds to malicious artifacts

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

8.6CVSS6.7AI score0.00149EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.5 views

Gradle security vulnerabilities

Gradle is a project build tool based on the JVM, developed by the American company Gradle Inc. It supports Maven, Ivy repositories, etc. Versions of Gradle prior to 9.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that certain exceptions were not treated as...

8.6CVSS5.8AI score0.00135EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/01/15 7:31 p.m.15 views

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A critical misconfiguration in Amazon Web Services AWS CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk. The vulnerability has been codenamed CodeBreach by cloud security...

8.2AI score
Exploits0
Wiz blog
Wiz blog
added 2026/01/15 3:0 p.m.15 views

CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild

Wiz Research discovered a critical supply chain vulnerability that abused a CodeBuild misconfiguration to take over key AWS GitHub repositories - including the JavaScript SDK powering the AWS Console...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/15 11:55 a.m.5 views

Model Security Is the Wrong Frame – The Real Risk Is Workflow Security

As AI copilots and assistants become embedded in daily work, security teams are still focused on protecting the models themselves. But recent incidents suggest the bigger risk lies elsewhere: in the workflows that surround those models. Two Chrome extensions posing as AI helpers were recently...

6.8AI score
Exploits0
NVD
NVD
added 2026/01/14 11:15 p.m.7 views

CVE-2026-0600

Server-Side Request Forgery SSRF vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...

6.2CVSS0.00284EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/14 10:50 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy repository configuration. An attacker can access internal network resources and cloud metadata endpoints by configuring proxy repositories with malicious URLs. This is only exploitable if t...

7.6CVSS6.6AI score0.00284EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/14 10:50 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy repository configuration. An attacker can access internal network resources and cloud metadata endpoints by configuring proxy repositories with malicious URLs. This is only exploitable if t...

7.6CVSS6.6AI score0.00284EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/14 10:50 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy repository configuration. An attacker can access internal network resources and cloud metadata endpoints by configuring proxy repositories with malicious URLs. This is only exploitable if t...

7.6CVSS6.6AI score0.00284EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/14 10:29 p.m.4 views

CVE-2026-0600 Nexus Repository 3 - Server-Side Request Forgery in Proxy Repository Configuration

Server-Side Request Forgery SSRF vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...

6.2CVSS6.4AI score0.00284EPSS
Exploits0References1
CVE
CVE
added 2026/01/14 10:29 p.m.12 views

CVE-2026-0600

CVE-2026-0600 is a Server-Side Request Forgery (SSRF) vulnerability affecting Sonatype Nexus Repository 3.x (3.0.0 and later). The issue allows authenticated administrators who configure proxy repositories to set URLs that can reach unintended network destinations, including cloud metadata servic...

6.2CVSS6.4AI score0.00284EPSS
Exploits0References1
OSV
OSV
added 2026/01/14 1:0 p.m.6 views

CLSA-2026-1768395600 Fix CVE(s): CVE-2024-32004

SECURITY UPDATE: Ownership checks for local repositories - debian/patches/CVE-2024-32004.patch: add fix for ownership check in local repositories - CVE-2024-32004...

8.1CVSS7.2AI score0.01271EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 7 : git-1.8.3.1-25.0.5.el7.AXS7 (AXSA:2025-10788:12)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10788:12 advisory. CVE-2025-27613: fix issue where untrusted repositories could create and truncate files, with the fix implemented in versions 2.43.7 and later CVEs:...

3.6CVSS6.9AI score0.00287EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.7 views

MiracleLinux 7 : git-1.8.3.1-25.0.6.el7.AXS7 (AXSA:2025-10998:13)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10998:13 advisory. CVE-2025-46835: prevent malicious creating and overwriting of user's files CVEs: CVE-2025-46835 Git GUI allows you to use the Git source control management...

8.5CVSS8.1AI score0.00296EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:52 a.m.5 views

CVE-2020-10516

An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior t...

9.8CVSS7.2AI score0.01591EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/07 11:51 p.m.4 views

Malicious Package

Overview rt-qa-sampler is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/01/07 5:19 p.m.6 views

Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators

Security teams are still catching malware. The problem is what they're not catching. More attacks today don't arrive as files. They don't drop binaries. They don't trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access,...

7.2AI score
Exploits0
OSV
OSV
added 2026/01/05 7:16 p.m.5 views

CVE-2025-64419 Coolify vulnerable to command injection via docker-compose.yaml parameters

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...

9.6CVSS7AI score0.00619EPSS
Exploits1References4
Fedora
Fedora
added 2026/01/04 12:54 a.m.16 views

[SECURITY] Fedora 43 Update: gitleaks-8.30.0-1.fc43

Scan git repos or files for secrets using regex and entropy...

7.5CVSS9AI score0.00419EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/02 6:37 p.m.13 views

CVE-2026-21436

eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by --destdir. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be installed in the path given...

5.8CVSS6.7AI score0.00257EPSS
Exploits0References1
Rows per page
Query Builder