Lucene search

38 matches found

GithubExploit
added 2026/04/12 8:59 p.m., 93 views

cyber-punk

Cyber Punk Security Vulnerability Scanner A Claude Code plu...

AI score 6
Exploits 0

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-4298

Malicious code in bioql PyPI...

CVSS 9.9, AI score 9, EPSS 0.01108
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-17463

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.4, EPSS 0.00575
Exploits 0, References 3

RedhatCVE
added 2025/06/15 8:58 p.m., 8 views

CVE-2025-49598

conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...

CVSS 7.3, AI score 7.6, EPSS 0.0015
Exploits 0, References 1

NVD
added 2025/06/13 9:15 p.m., 14 views

CVE-2025-49598

conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...

CVSS 7.3, EPSS 0.0015
Exploits 0, References 2

UbuntuCve
added 2025/02/05 10:15 a.m., 18 views

CVE-2023-6386

A denial of service vulnerability was identified in GitLab CE/EE, affecting all versions from 15.11 prior to 16.6.7, 16.7 prior to 16.7.5 and 16.8 prior to 16.8.2 which allows an attacker to spike the GitLab instance resource usage resulting in service degradation...

CVSS 7.5, AI score 5.9, EPSS 0.00492
Exploits 0, References 2

Debian CVE
added 2025/02/05 9:31 a.m., 31 views

CVE-2023-6386

Removed by vendor...

CVSS 7.5, AI score 5.8, EPSS 0.00492
Exploits 0

The Hacker News
added 2024/12/16 11:0 a.m., 7 views

Data Governance in DevOps: Ensuring Compliance in the AI Era

With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified. With that said, we'll...

AI score 7.2
Exploits 0

Rapid7 Blog
added 2024/09/25 1:0 p.m., 11 views

Proactively Securing Cloud Workloads in the CI/CD Pipeline with Rapid7 and Azure DevOps

As organizations continue to embrace cloud-native development practices, the need for integrated security solutions that seamlessly fit into existing DevOps environments has become more pressing than ever. We recognize this critical need and have added new integration for InsightCloudSec (ICS) and...

AI score 7.8
Exploits 0

The Hacker News
added 2024/05/02 6:15 a.m., 33 views

CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild. Tracked as CVE-2023-7028 (CVSS score: 10.0), the maximum severity vulnerability could facilitate...

CVSS 10, AI score 7.6, EPSS 0.94955
Exploits 16

OSV
added 2024/03/06 10:55 a.m., 18 views

BIT-KUSTOMIZE-2022-24877 Improper path handling in kustomization files allows path traversal

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

CVSS 9.9, AI score 9, EPSS 0.01108
Exploits 0, References 2

FreeBSD
added 2024/02/07 12:0 a.m., 31 views

Gitlab -- vulnerabilities

Gitlab reports: Restrict group access token creation for custom roles; Project maintainers can bypass group's scan result policy blockbranchmodification setting; ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax; Resource exhaustion using GraphQL vulnerabilitiesCountByDay...

CVSS 7.5, AI score 7.4, EPSS 0.00631
Exploits 0, References 1

Trend Micro Simply Security
added 2023/10/24 12:0 a.m., 56 views

CI/CD Pipeline: How to Overcome Set-Up Challenges

Explore the most common challenges organizations face when establishing a CI/CD pipeline and how to strategically overcome them...

AI score 7
Exploits 0

NVD
added 2022/05/06 2:15 a.m., 19 views

CVE-2022-24878

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...

CVSS 7.7, EPSS 0.0095
Exploits 0, References 1

Prion
added 2022/05/06 2:15 a.m., 10 views

Path traversal

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...

CVSS 4, AI score 6.2, EPSS 0.0095
Exploits 0, References 1, Affected Software 2

Cvelist
added 2022/05/06 1:35 a.m., 28 views

CVE-2022-24878 Improper path handling in Kustomization files allows for denial of service

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...

CVSS 7.7, AI score 7.5, EPSS 0.0095
Exploits 0, References 1

NVD
added 2022/05/06 1:15 a.m., 25 views

CVE-2022-24877

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

CVSS 9.9, EPSS 0.01108
Exploits 0, References 1

Cvelist
added 2022/05/06 1:10 a.m., 27 views

CVE-2022-24877 Improper path handling in kustomization files allows path traversal

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

CVSS 9.9, AI score 9.6, EPSS 0.01108
Exploits 0, References 1

OSV
added 2022/05/06 1:10 a.m., 16 views

CVE-2022-24877 Improper path handling in kustomization files allows path traversal

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

CVSS 9.9, AI score 8.9, EPSS 0.01108
Exploits 0, References 3

OSV
added 2022/05/04 6:4 p.m., 24 views

GHSA-J77R-2FXF-5JRW Improper path handling in kustomization files allows path traversal

The kustomize-controller enables the use of Kustomize’s functionality when applying Kubernetes declarative state onto a cluster. A malicious user can use built-in features and a specially crafted kustomization.yaml to expose sensitive data from the controller’s pod filesystem. In multi-tenancy...

CVSS 9.9, AI score 9.2, EPSS 0.01108
Exploits 0, References 5