942 matches found

NVD
added 2025/06/20 3:15 a.m., 11 views

CVE-2025-6264

Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch...

CVSS 5.5, EPSS 0.00963
Exploits: 2, References: 3

OSV
added 2025/06/20 3:15 a.m., 5 views

CVE-2025-6264

Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch...

CVSS 5.5, AI score 7.2, EPSS 0.00963
Exploits: 2, References: 3

Packet Storm News
added 2025/06/19 12:0 a.m., 3 views

Spotting Tell-Tale Visual Artifacts in Face Swapping Videos: Strengths and Pitfalls of CNN Detectors

Face swapping manipulations in video streams represent an increasing threat in remote video communications, due to advances in automated and real-time tools. Recent literature proposes to characterize and exploit visual artifacts introduced in video frames by swapping algorithms when dealing wit...

AI score 6.7
Exploits: 0

Packet Storm News
added 2025/06/11 12:0 a.m., 9 views

AURA: a Multi-Agent Intelligence Framework for Knowledge-Enhanced Cyber Threat Attribution

Effective attribution of Advanced Persistent Threats (APTs) increasingly hinges on the ability to correlate behavioral patterns and reason over complex, varied threat intelligence artifacts. We present AURA (Attribution Using Retrieval-Augmented Agents), a multi-agent, knowledge-enhanced framework fo...

AI score 6.8
Exploits: 0

Snyk
added 2025/06/10 9:31 p.m., 2 views

Unsafe Dependency Resolution

Overview: @nx/azure-cache is an Nx plugin which provides an Nx cache that can be self-hosted on Azure Blob Storage. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the build cache process. An attacker can inject compromised artifacts into trusted production...

CVSS 9.9, AI score 6.6, EPSS 0.00192
Exploits: 0, References: 2

Vulnrichment
added 2025/06/10 7:23 p.m., 5 views

CVE-2025-36852 Build Cache Poisoning via Untrusted Pull Requests

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache such as those using Amazon S3, Google Cloud Storage, or similar object storage that allows any contributor with pull request privileges to inject compromised artifacts...

CVSS 9.4, AI score 6.6, EPSS 0.00192
Exploits: 0, References: 1

CNNVD
added 2025/06/10 12:0 a.m., 4 views

Nx Security Vulnerability

Nx is an application from Nx, Inc. A security vulnerability exists in Nx that stems from a design flaw in the bucket-based remote cache that could lead to the injection of compromised artifacts into a trusted production environment...

CVSS 9.4, AI score 6.8, EPSS 0.00192
Exploits: 0, References: 3

Packet Storm News
added 2025/05/29 12:0 a.m., 7 views

Digital Forensic Investigation of the ChatGPT Windows Application

The ChatGPT Windows application offers better user interaction in the Windows operating system (OS) by enhancing productivity and streamlining the workflow of ChatGPT's utilization. However, there are potential misuses associated with this application that require rigorous forensic analysis. This...

AI score 6.9
Exploits: 0

RedhatCVE
added 2025/05/23 11:56 a.m., 10 views

CVE-2025-0290

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive...

CVSS 4.3, AI score 6.4, EPSS 0.00358
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 11:40 a.m., 10 views

CVE-2025-24362

In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...

CVSS 7.1, AI score 7.2, EPSS 0.00892
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 9:43 a.m., 7 views

CVE-2024-23905

Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

CVSS 5.4, AI score 6.8, EPSS 0.00564
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 9:5 a.m., 3 views

CVE-2024-5318

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts...

CVSS 5.3, AI score 6.8, EPSS 0.00366
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 8:41 a.m., 3 views

CVE-2024-23332

The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions o...

CVSS 6.8, AI score 6.7, EPSS 0.00288
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 8:7 a.m., 12 views

CVE-2024-45036

Tophat is a mobile applications testing harness. An Improper Access Control vulnerability can expose the TOPHATAPPTOKEN token stored in /.tophatrc through use of a malicious Tophat URL controlled by the attacker. The vulnerability allows Tophat to send this token to the attacker's server without...

CVSS 4.3, AI score 6.7, EPSS 0.00268
Exploits: 0

RedhatCVE
added 2025/05/23 7:33 a.m., 7 views

CVE-2024-7057

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level...

CVSS 4.3, AI score 6, EPSS 0.00372
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 3:54 a.m., 6 views

CVE-2023-33959

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Use...

CVSS 8.8, AI score 8.5, EPSS 0.00354
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 2:50 a.m., 3 views

CVE-2023-0121

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test repo...

CVSS 7.5, AI score 6.7, EPSS 0.01243
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 11:7 p.m., 7 views

CVE-2022-41233

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...

CVSS 4.3, AI score 6.2, EPSS 0.00503
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:10 p.m., 5 views

CVE-2022-3759

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child...

CVSS 7.5, AI score 6.5, EPSS 0.01216
Exploits: 0

RedhatCVE
added 2025/05/22 9:21 p.m., 9 views

CVE-2021-41394

Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations...

CVSS 5.3, AI score 6.9, EPSS 0.01175
Exploits: 0