6 matches found
EUVD-2026-11331
xygeni-action v5 tag poisoned with C2 backdoor...
CVE-2026-31976
xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (46, 47, 48) that injected obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...
CVE-2017-0918
GitLab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution...
CVE-2017-0918
GitLab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution...
Debian DSA-4145-1 : gitlab - security update
Several vulnerabilities have been discovered in GitLab, a software platform to collaborate on code:
- CVE-2017-0915 / CVE-2018-3710: Arbitrary code execution in project import.
- CVE-2017-0916: Command injection via Webhooks.
- CVE-2017-0917: Cross-site scripting in CI job output.
- CVE-2017-0918...
GitLab: GitLab CI runner can read and poison cache of all other projects
The GitLab CI runner allows users to cache files and directories in between runs. These files are stored in a ZIP file and uploaded to a shared cache instance. In my testing, the files were uploaded to runners-cache-4-internal.gitlab.com and runners-cache-3-internal.gitlab.com, even for dedicated...