Lucene search
K

30 matches found

NVD
NVD
added 2 days ago8 views

CVE-2026-58065

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS0.00461EPSS
Exploits0References3
CVE
CVE
added 2 days ago20 views

CVE-2026-58065

The CVE affects the Apache Airflow Git provider when performing git-over-SSH operations with StrictHostKeyChecking=no, which disables SSH host-key verification and enables MITM risk between an Airflow worker and the Git server. Deployments that clone over SSH using a deploy key or involve the Git...

8.1CVSS6.1AI score0.00461EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-180173

Malicious code in awk-sun-deploy-key-omega npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-25250

Malicious code in bioql PyPI...

6.5CVSS5.2AI score0.0061EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-34385

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00757EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-44168

Malicious code in bioql PyPI...

5.4CVSS5.4AI score0.00322EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-32056

Malicious code in bioql PyPI...

7.2CVSS6.6AI score0.00587EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-2095

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all...

4.3CVSS5AI score0.00757EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-1983

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker...

6.5CVSS5.2AI score0.0061EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 2:12 a.m.9 views

CVE-2023-3509

An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible deploy keys associated...

5.4CVSS6.5AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:33 p.m.5 views

CVE-2022-1983

Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP...

6.5CVSS6.8AI score0.0061EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:22 p.m.5 views

CVE-2022-2095

An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint a...

4.3CVSS6.3AI score0.00757EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/10/09 12:0 a.m.26 views

Gitlab -- vulnerabilities

Gitlab reports: Run pipelines on arbitrary branches An attacker can impersonate arbitrary user SSRF in Analytics Dashboard Viewing diffs of MR with conflicts can be slow HTMLi in OAuth page Deploy Keys can push changes to an archived repository Guests can disclose project templates GitLab instanc...

9.6CVSS7.3AI score0.02093EPSS
Exploits2References1
NVD
NVD
added 2024/04/19 3:15 p.m.24 views

CVE-2024-3470

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as we...

7.2CVSS5.7AI score0.00587EPSS
Exploits0References2
OSV
OSV
added 2024/04/19 3:15 p.m.5 views

CVE-2024-3470

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as we...

7.2CVSS5.8AI score0.00587EPSS
Exploits0References2
CVE
CVE
added 2024/04/19 2:17 p.m.76 views

CVE-2024-3470

GitHub Enterprise Server suffers an Improper Privilege Management flaw that lets a repository deploy key bypass an organization’s ruleset when an attacker has a valid deploy key and repository administrator access. Affected versions are 3.11–3.12; remediation is to upgrade to 3.11.8 or 3.12.2. In...

7.2CVSS6.8AI score0.00587EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/19 12:0 a.m.6 views

PT-2024-26117 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.11 through 3.12 Description: An Improper Privilege Management issue was identified in GitHub Enterprise Server, allowing an attacker to bypass an organization ruleset using a deploy key. The attacker would...

5.9CVSS7.2AI score0.00587EPSS
Exploits0References5
Hacker One
Hacker One
added 2024/04/18 2:43 p.m.19 views

GitHub: View private repository NWO of deploy key via internal LFS API

The vulnerability allowed an attacker to enumerate the names of private repositories that utilized deploy keys in GitHub Enterprise Server. The vulnerability did not provide unauthorized access to any repository content besides the repository names. This vulnerability affected all versions of...

6.3CVSS5.1AI score0.00492EPSS
Exploits0
OSV
OSV
added 2024/03/06 11:15 a.m.26 views

BIT-GITLAB-2022-2095

An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint a...

4.3CVSS4.4AI score0.00757EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/02/21 11:15 p.m.32 views

CVE-2023-3509

An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible deploy keys associated...

5.4CVSS6AI score0.00322EPSS
Exploits0References3
Rows per page
Query Builder