15 matches found
CVE-2026-40313 PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to the ArtiPACKED attack, a known credential leakage vector caused by using `actions/checkout` without setting `persist-credentials: false`. By default, `actions/checkout` writes the...
CVE-2026-1777
The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output...
PT-2026-5708
Name of the Vulnerable Software and Affected Versions: Amazon SageMaker Python SDK versions prior to 3.2.0; Amazon SageMaker Python SDK versions prior to 2.256.0. Description: The Amazon SageMaker Python SDK contains the ModelBuilder HMAC signing key in cleartext within the response elements of the...
EUVD-2025-202451
Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability...
CVE-2025-9571
A remote code execution (RCE) vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code within the core AppFabric component. This could allow the attacker to gain control over the Data Fusion instance,...
PT-2025-50308
A remote code execution (RCE) vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code within the core AppFabric component. This could allow the attacker to gain control over the Data Fusion instance,...
BIT-GITLAB-2020-11506
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling...
PT-2020-13415 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.1; GitLab CE/EE (affected versions not specified). Description: A security issue in GitLab allowed attackers to achieve Denial of Service attacks through memory exhaustion. This was possible by uploading malicious...
CVE-2020-11506
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling...
CVE-2020-11506
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling...
Arbitrary file deletion
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling...
CVE-2020-11506
CVE-2020-11506 affects GitLab 10.7.0 through 12.9.2. A Workhorse bypass could enable job artifact uploads and disclosure of sensitive information via request smuggling. Subcomponents implicated: GitLab Workhorse; root cause details are not explicitly provided in the included documents beyond the ...
PT-2020-12653 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 10.7.0 through 12.9.2. Description: An issue in GitLab allows a Workhorse bypass, which could lead to job artifact uploads and file disclosure, resulting in the exposure of sensitive information via request smuggling...
FreeBSD : Gitlab -- Multiple Vulnerabilities (570706ff-7ee0-11ea-bd0b-001b217b3468)
Gitlab reports: NuGet Package and File Disclosure through GitLab Workhorse; Job Artifact Uploads and File Disclosure through GitLab Workhorse; Incorrect membership following group removal; Logging of Praefect tokens; Update Rack dependency; Update OpenSSL dependency...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: NuGet Package and File Disclosure through GitLab Workhorse; Job Artifact Uploads and File Disclosure through GitLab Workhorse; Incorrect membership following group removal; Logging of Praefect tokens; Update Rack dependency; Update OpenSSL dependency...