Lucene search
K

15 matches found

Cvelist
Cvelist
added 2026/06/03 7:18 a.m.48 views

CVE-2026-4035 Environment Variable Resolution Vulnerability in mlflow/mlflow

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the apikey field in...

9.1CVSS0.00435EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.22 views

PT-2026-45906

Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.11.0 Description An issue allows for the resolution of environment variables in AI Gateway secrets, enabling the exfiltration of sensitive server-side environment credentials to an attacker-controlled endpoint. This...

9.1CVSS8.2AI score0.00435EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-42300

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00735EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.8 views

PT-2025-24926 · Nx +1 · Aws S3 Remote Cache Plugin For Nx +6

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A critical security issue exists in remote cache extensions for common build systems that utilize bucket-based remote cache, such as those using Amazon S3 or Google Cloud Storage. This issue...

9.4CVSS6.2AI score0.00192EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/02/05 8:17 a.m.5 views

CVE-2024-47179

RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...

8.8CVSS7AI score0.00735EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/06 4:14 p.m.13 views

CVE-2024-54143 openwrt/asu allows build artifact poisoning via truncated SHA-256 hash and command injection

openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious...

9.3CVSS7.7AI score0.01867EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/06 4:14 p.m.30 views

CVE-2024-54143 openwrt/asu allows build artifact poisoning via truncated SHA-256 hash and command injection

openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious...

9.3CVSS0.01867EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/11/25 3:26 p.m.22 views

Artifact poisoning vulnerability in action-download-artifact v5 and earlier

Summary In versions of dawidd6/action-download-artifact before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts such as malicious executables into a privileged...

6.9AI score
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/25 12:0 a.m.1 views

PT-2024-40108 · Github Actions · Dawidd6/Action-Download-Artifact

Name of the Vulnerable Software and Affected Versions: dawidd6/action-download-artifact versions prior to v6 Description: The issue allows an unprivileged attacker to introduce compromised artifacts into a privileged workflow context by exploiting the default behavior of searching a repository's...

8.7CVSS7AI score
Exploits0References5
NVD
NVD
added 2024/09/26 8:15 p.m.12 views

CVE-2024-47179

RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...

8.8CVSS0.00735EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/09/26 7:10 p.m.20 views

CVE-2024-47179 RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning which may lead to a full repository takeover.

RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...

8.8CVSS0.00735EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/09/26 7:10 p.m.11 views

CVE-2024-47179 RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning which may lead to a full repository takeover.

RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...

8.8CVSS7.3AI score0.00735EPSS
Exploits0References8
CVE
CVE
added 2024/09/26 7:10 p.m.47 views

CVE-2024-47179

RSSHub’s docker-test-cont.yml workflow was vulnerable to Artifact Poisoning prior to commit 64e00e7, allowing an attacker to exploit an unvalidated artifact (rsshub.tar.zst) and potentially gain a full repository takeover via a malicious package.json. Downstream users were not affected, and commi...

8.8CVSS8.7AI score0.00735EPSS
Exploits0References8
OSV
OSV
added 2024/09/26 7:10 p.m.9 views

CVE-2024-47179 RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning which may lead to a full repository takeover.

RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...

8.8CVSS7.1AI score0.00735EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.4 views

PT-2024-32460 · Rsshub · Rsshub

Name of the Vulnerable Software and Affected Versions: RSSHub versions prior to commit 64e00e7 Description: RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. The workflow gets triggered when the PR - Docker build test...

8.8CVSS7.2AI score0.00735EPSS
Exploits0References17
Rows per page
Query Builder