CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

RedhatCVE•added 2026/01/09 8:56 a.m.•5 views

CVE-2023-40034

Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the repository data that can e.g. allow the takeover of an repo. This is only critical if the CI is configured for public usage and connected to a for...

8.1CVSS6.8AI score0.00374EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-0342

Malware in sbrugna...

8.6CVSS8.7AI score0.003EPSS

Exploits0References8

RedhatCVE•added 2025/05/23 10:49 a.m.•13 views

CVE-2024-25129

The CodeQL CLI repo holds binaries for the CodeQL command line interface CLI. Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously...

5.5CVSS6.6AI score0.00117EPSS

Exploits0References1

OSV•added 2024/12/27 3:15 p.m.•1 views

DEBIAN-CVE-2024-56582

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free in btrfsencodedreadendio Shinichiro reported the following use-after free that sometimes is happening in our CI system when running fstests' btrfs/284 on a TCMU runner device: BUG: KASAN:...

7.8CVSS5.7AI score0.00013EPSS

Exploits0References1

Prion•added 2024/02/22 7:15 p.m.•15 views

Xxe

1.2CVSS6.9AI score0.00117EPSS

Exploits0References3

Cvelist•added 2024/02/22 6:23 p.m.•21 views

CVE-2024-25129 Limited data exfiltration in CodeQL CLI

2.7CVSS4AI score0.00117EPSS

Exploits0References3

NVD•added 2023/08/16 9:15 p.m.•9 views

CVE-2023-40034

8.1CVSS8.1AI score0.00374EPSS

Exploits0References4

Prion•added 2023/08/16 9:15 p.m.•10 views

Code injection

5.1CVSS8AI score0.00374EPSS

Exploits0References4Affected Software1

OSV•added 2023/08/16 8:48 p.m.•12 views

CVE-2023-40034 Repositoty takeover in woodpecker-ci

8.1CVSS8AI score0.00374EPSS

Exploits0References6

Vulnrichment•added 2023/08/16 8:48 p.m.•12 views

CVE-2023-40034 Repositoty takeover in woodpecker-ci

8.1CVSS8.1AI score0.00374EPSS

Exploits0References4

CVE•added 2023/08/16 8:48 p.m.•71 views

CVE-2023-40034

CVE-2023-40034 affects Woodpecker CI (community fork of Drone CI). The vulnerability: attackers can post malformed webhook data to trigger repository data updates, potentially allowing takeover of a repository when the CI is public and connected to a public forge. The issue is addressed in versio...

8.1CVSS8AI score0.00374EPSS

Exploits0References4Affected Software1

Kitploit•added 2018/07/24 9:46 p.m.•14 views

Cred Scanner - A Simple File-Based Scanner To Look For Potential AWS Access And Secret Keys In Files

A simple command line tool for finding AWS credentials in files. Optimized for use with Jenkins and other CI systems. I suspect there are other, better tools out there such as git-secrets, but I couldn't find anything to run a quick and dirty scan that also integrates well with Jenkins. Usage: To...

7.3AI score

Exploits0References2

Prion•added 2018/05/31 8:29 p.m.•14 views

Code injection

A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly...

5CVSS6.8AI score0.003EPSS

Exploits0References2Affected Software1

OSV•added 2018/05/31 8:29 p.m.•7 views

CVE-2016-10526

8.6CVSS8.6AI score

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by