
6 matches found

EUVD
added 3 days ago, 4 views

EUVD-2026-40357

Woodpecker before 3.15.0 registers the /api/orgs/lookup/orgfullname endpoint without authentication middleware, and the LookupOrg handler unconditionally dereferences the session user (user.ForgeID, via ForgeFromUser) when selecting the forge to query. For an unauthenticated request session.User...

CVSS 6.9, AI score 5.8, EPSS 0.00362
Exploits 0, References 4
RedhatCVE
added 2026/01/09 8:56 a.m., 10 views

CVE-2023-40034

Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data which leads to an update of the repository data that can e.g. allow the takeover of a repo. This is only critical if the CI is configured for public usage and connected to a for...

CVSS 8.1, AI score 6.8, EPSS 0.00716
Exploits 0, References 1
RedhatCVE
added 2026/01/09 8:34 a.m., 7 views

CVE-2024-41121

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allows any user who can trigger a pipeline run to create malicious workflows: 1. Those workflows can either lead to a takeover of the host that runs the agent executing the workflow. 2. Or allow extracting the secrets w...

CVSS 8.8, AI score 6.7, EPSS 0.00737
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-2456

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.3, EPSS 0.00737
Exploits 0, References 10
EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2023-2207

Malicious code in bioql PyPI...

CVSS 8.1, AI score 8, EPSS 0.00716
Exploits 0, References 7
NVD
added 2022/04/29 9:15 p.m., 22 views

CVE-2022-29947

Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping...

CVSS 6.1, EPSS 0.00632
Exploits 0, References 2