Lucene search
K

5 matches found

NVD
NVD
added yesterday5 views

CVE-2026-54344

ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, allowing any GitHub user who can comment on an open pull request with a...

4.7CVSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-54344

CVE-2026-54344 affects ToolJet prior to version 3.20.180. The render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, enabling any GitHub user who can comment on an open PR with a deploy command to execute shell commands on the CI ...

4.7CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-54344 ToolJet GitHub Actions comment body shell injection exposes deployment secrets

ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, allowing any GitHub user who can comment on an open pull request with a...

4.7CVSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 6:46 p.m.8 views

CVE-2026-47174 Duck Site: Untrusted pull request code can trigger privileged production deployment

In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. If an attacker can make a pull request build satisf...

9.5CVSS5.3AI score0.00312EPSS
Exploits0References1
HackRead
HackRead
added 2026/06/05 7:14 p.m.23 views

Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account

32 Red Hat npm packages compromised by Miasma malware expose cloud tokens, CI/CD secrets and developer credentials in supply chain attack...

5.5AI score
Exploits0
Rows per page
Query Builder