10 matches found
PT-2026-53928
Name of the Vulnerable Software and Affected Versions Woodpecker versions prior to 3.15.0 Description When using the GitLab forge driver, the system matches the ApprovalAllowedUsers bypass list against the pipeline.Author variable. The pipeline.Author is populated from the commit.author.name...
EUVD-2026-33333
OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin...
CVE-2026-32906
OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that lets exec-authorized users resolve plugin approvals via the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin actions out...
EUVD-2026-27271
OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weak...
Malicious File Parsing
@finos/git-proxy is vulnerable to malicious file parsing. The vulnerability is due to improper PACK signature detection in parsePush.ts, which allows an attacker to embed misleading signatures in commit content and craft packet structures to bypass approval or hide commits...
PT-2025-32853
Name of the Vulnerable Software and Affected Versions GitHub Copilot affected versions not specified Visual Studio 2022 versions prior to 17.14.12 Description Improper neutralization of special elements used in a command, known as command injection, in GitHub Copilot and Visual Studio allows an...
Misinterpretation of Input
Overview @finos/git-proxy is a Deploy custom push protections and policies on top of Git. Affected versions of this package are vulnerable to Misinterpretation of Input via the parsePush.ts file. An attacker can bypass approval mechanisms or hide commits by crafting a malicious Git packfile that...
The Fintech Open Source Foundation GitProxy 安全漏洞
The Fintech Open Source Foundation GitProxy is a The Fintech Open Source Foundation Foundation deployment of custom push protections and policies on top of Git. A security vulnerability exists in The Fintech Open Source Foundation GitProxy 1.19.1 and earlier versions, which stems from the...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from allowing users to...
check-spelling 日志信息泄露漏洞
check-spelling is a spell checker. check-spelling suffers from a log information disclosure vulnerability that allows an attacker to bypass the standard approval process to push commits to the repository, commits to the repository can then steal any/all secrets available to the repository...