
848 matches found

Vulnrichment
added 2026/03/31 1:46 a.m. | 2 views

CVE-2026-34042 act: actions/cache server allows malicious cache injection

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act's built-in actions/cache server listens for connections on all interfaces and allows anyone who can connect to it, including someone anywhere on the internet, to create caches with arbitrary keys and...

CVSS 8.2 | AI score 6.4 | EPSS 0.00459
Exploits: 0 | References: 4

OSV
added 2026/03/31 1:46 a.m. | 6 views

CVE-2026-34042 act: actions/cache server allows malicious cache injection

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act's built-in actions/cache server listens for connections on all interfaces and allows anyone who can connect to it, including someone anywhere on the internet, to create caches with arbitrary keys and...

CVSS 8.2 | AI score 6.4 | EPSS 0.00459
Exploits: 0 | References: 6

Vulnrichment
added 2026/03/31 1:43 a.m. | 4 views

CVE-2026-34041 act: Unrestricted set-env and add-path command processing enables environment injection

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which were disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

CVSS 7.7 | AI score 5.9 | EPSS 0.00619
Exploits: 1 | References: 3

ATTACKERKB
added 2026/03/31 1:43 a.m. | 4 views

CVE-2026-34041

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which were disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

CVSS 7.7 | AI score 5.9 | EPSS 0.00619
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2026/03/31 1:43 a.m. | 25 views

CVE-2026-34041 act: Unrestricted set-env and add-path command processing enables environment injection

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which were disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

CVSS 7.7 | EPSS 0.00619
Exploits: 1 | References: 3

CNNVD
added 2026/03/31 12:0 a.m. | 7 views

Act injection vulnerability

Act is an open-source, locally run tool developed by Nektos. Versions of Act prior to 0.2.86 had an injection vulnerability. This vulnerability stemmed from unconditionally processing the ::set-env:: and ::add-path:: workflow commands, which could lead to setting arbitrary environment variables o...

CVSS 9.8 | AI score 5.9 | EPSS 0.00619
Exploits: 1 | References: 3

CNNVD
added 2026/03/31 12:0 a.m. | 7 views

Act security vulnerability

Act is an open-source, locally run tool developed by Nektos. Versions of Act prior to 0.2.86 have security vulnerabilities. These vulnerabilities stem from the built-in actions/cache server, which listens for connections on all interfaces. This could lead to arbitrary cache creation and retrieval,...

CVSS 8.2 | AI score 6.4 | EPSS 0.00459
Exploits: 0 | References: 4

Circl
added 2026/03/29 5:0 p.m. | 6 views

CVE-2026-4724

creationtimestamp | type | source
---|---|---
2026-03-29 17:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/actualite/CERTFR-2026-ACT-013/...

CVSS 9.1 | AI score 7.2 | EPSS 0.00322
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/27 8:50 p.m. | 2 views

CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions...

CVSS 7.4 | AI score 6.6 | EPSS 0.00348
Exploits: 1 | References: 2

CVE
added 2026/03/27 8:50 p.m. | 61 views

CVE-2026-33896

Technical details are not publicly available in the provided documents; no affected products, versions, or remediation are specified. Monitor for updates to confirm scope and fixes.

CVSS 9.1 | AI score 6.6 | EPSS 0.00348
Exploits: 1 | References: 9 | Affected Software: 1

Github Security Blog
added 2026/03/27 7:17 p.m. | 36 views

act: Unrestricted set-env and add-path command processing enables environment injection

Summary: act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which GitHub Actions disabled in October 2020 (CVE-2020-15228, GHSA-mfwh-5m23-j46w) due to environment injection risks. When a workflow step echoes untrusted data to stdout, an attacker can inject...

CVSS 9.8 | AI score 6.5 | EPSS 0.00619
Exploits: 1 | References: 6 | Affected Software: 1

Microsoft CVE
added 2026/03/19 8:3 a.m. | 4 views

net/sched: act_gate: snapshot parameters with RCU on replace

...

CVSS 7.8 | AI score 5.8 | EPSS 0.00125
Exploits: 0

SUSE CVE
added 2026/03/19 12:26 a.m. | 4 views

SUSE CVE-2026-23270

In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks As Paolo said earlier [1]: "Since the blamed commit below, classify can return TC_ACT_CONSUMED while the current skb being held by the defragmentation...

CVSS 5.5 | AI score 5.6 | EPSS 0.00123
Exploits: 0 | References: 20

UbuntuCve
added 2026/03/18 6:16 p.m. | 3 views

CVE-2026-23270

In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks As Paolo said earlier [1]: "Since the blamed commit below, classify can return TC_ACT_CONSUMED while the current skb being held by the defragmentation...

CVSS 7.8 | AI score 5.7 | EPSS 0.00123
Exploits: 0 | References: 6

OSV
added 2026/03/18 6:16 p.m. | 5 views

UBUNTU-CVE-2026-23270

In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks As Paolo said earlier [1]: "Since the blamed commit below, classify can return TC_ACT_CONSUMED while the current skb being held by the defragmentation...

CVSS 7.8 | AI score 5.7 | EPSS 0.00123
Exploits: 0 | References: 7

EUVD
added 2026/03/18 12:31 p.m. | 6 views

EUVD-2026-12808

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_gate: snapshot parameters with RCU on replace The gate action can be replaced while the hrtimer callback or dump path is walking the schedule list. Convert the parameters to an RCU-protected snapshot and swap update...

AI score 5.7 | EPSS 0.00125
Exploits: 0 | References: 4

NVD
added 2026/03/18 11:16 a.m. | 4 views

CVE-2026-23245

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_gate: snapshot parameters with RCU on replace The gate action can be replaced while the hrtimer callback or dump path is walking the schedule list. Convert the parameters to an RCU-protected snapshot and swap update...

CVSS 7.8 | EPSS 0.00125
Exploits: 0 | References: 7

Debian CVE
added 2026/03/18 10:5 a.m. | 5 views

CVE-2026-23245

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_gate: snapshot parameters with RCU on replace The gate action can be replaced while the hrtimer callback or dump path is walking the schedule list. Convert the parameters to an RCU-protected snapshot and swap update...

CVSS 7.8 | AI score 5.2 | EPSS 0.00125
Exploits: 0

CVE
added 2026/03/18 10:5 a.m. | 28 views

CVE-2026-23245

CVE-2026-23245 (Linux kernel, net/sched) is resolved. The vulnerability allowed replacing a gate action’s parameters while the hrtimer callback or a dump path walked the schedule list. The fix converts gate parameter updates from plain pointers to an RCU-protected snapshot, swapping updates unde...

CVSS 7.8 | AI score 5.7 | EPSS 0.00125
Exploits: 0 | References: 7 | Affected Software: 1

Tenable Nessus
added 2026/03/18 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-23270

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks As Paolo said earlier [1]: Since the blamed commit below, classify can return...

CVSS 7.8 | AI score 7 | EPSS 0.00123
Exploits: 0 | References: 3