Lucene search
K

10 matches found

Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53928

Name of the Vulnerable Software and Affected Versions Woodpecker versions prior to 3.15.0 Description When using the GitLab forge driver, the system matches the ApprovalAllowedUsers bypass list against the pipeline.Author variable. The pipeline.Author is populated from the commit.author.name...

9.2CVSS6.1AI score0.00546EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/29 3:9 p.m.12 views

EUVD-2026-33333

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin...

4.3CVSS5.8AI score0.00173EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 3:9 p.m.44 views

CVE-2026-32906

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that lets exec-authorized users resolve plugin approvals via the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin actions out...

4.3CVSS5.8AI score0.00173EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/05 11:25 a.m.24 views

EUVD-2026-27271

OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weak...

8.8CVSS5.9AI score0.00356EPSS
Exploits0References3
Veracode
Veracode
added 2025/08/13 10:24 a.m.4 views

Malicious File Parsing

@finos/git-proxy is vulnerable to malicious file parsing. The vulnerability is due to improper PACK signature detection in parsePush.ts, which allows an attacker to embed misleading signatures in commit content and craft packet structures to bypass approval or hide commits...

7CVSS7AI score0.0047EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.3 views

PT-2025-32853

Name of the Vulnerable Software and Affected Versions GitHub Copilot affected versions not specified Visual Studio 2022 versions prior to 17.14.12 Description Improper neutralization of special elements used in a command, known as command injection, in GitHub Copilot and Visual Studio allows an...

7.8CVSS6.2AI score0.02559EPSS
Exploits2References62
Snyk
Snyk
added 2025/07/30 8:43 p.m.1 views

Misinterpretation of Input

Overview @finos/git-proxy is a Deploy custom push protections and policies on top of Git. Affected versions of this package are vulnerable to Misinterpretation of Input via the parsePush.ts file. An attacker can bypass approval mechanisms or hide commits by crafting a malicious Git packfile that...

7CVSS6.8AI score0.0047EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/30 12:0 a.m.4 views

The Fintech Open Source Foundation GitProxy 安全漏洞

The Fintech Open Source Foundation GitProxy is a The Fintech Open Source Foundation Foundation deployment of custom push protections and policies on top of Git. A security vulnerability exists in The Fintech Open Source Foundation GitProxy 1.19.1 and earlier versions, which stems from the...

7CVSS6.5AI score0.0047EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/11/01 12:0 a.m.5 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from allowing users to...

6.5CVSS7AI score0.00373EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/09/09 12:0 a.m.5 views

check-spelling 日志信息泄露漏洞

check-spelling is a spell checker. check-spelling suffers from a log information disclosure vulnerability that allows an attacker to bypass the standard approval process to push commits to the repository, commits to the repository can then steal any/all secrets available to the repository...

9.9CVSS8.3AI score0.02334EPSS
Exploits0References3
Rows per page
Query Builder