7847 matches found
CVE-2026-47174 Duck Site: Untrusted pull request code can trigger privileged production deployment
In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. If an attacker can make a pull request build satisf...
CVE-2026-47174 Duck Site: Untrusted pull request code can trigger privileged production deployment
In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. If an attacker can make a pull request build satisf...
CVE-2026-47174
Technical details such as affected components, versions, exploit paths, and fixes are not provided in the supplied documents; monitor for updates.
CVE-2026-47172
Quest Bot (open-source Discord bot) contains a privilege escalation in the deploy workflow prior to v1.0.3. The repository’s privileged deploy workflow runs after the unprivileged build, and when a PR from a main branch is opened, the deploy workflow can check out the PR head_sha, build it into a...
CVE-2026-47172 Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment.
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...
EUVD-2026-36300
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...
CVE-2026-47172 Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment.
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...
EUVD-2026-36293
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in Eclipse Jetty
Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in Eclipse Jetty. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-11143 DESCRIPTION: The Jetty URI parser has some key differences to other common parsers when...
MAL-2026-5615 Malicious code in sysau (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b9246e768a775d54485e7208d0ed4fc575af09bc78c3fde95c5cb24ebc2350d Package advertises itself as a 'System binary configuration tool' but ships pointer.py spawned by index.js which hardcodes...
MAL-2026-5610 Malicious code in coderzero (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bd26d5ae306572deded5926f2a32dd34de72377da3363cafc4c4026b9c5a93d When a user runs the coderzero CLI, the bundled Python client client/noderzero.py starts a clipboard monitor that polls pyperclip.paste every 300ms a...
overflow_exploit_framework
kernel-research — Framework CVE overflow Usage éducatif uni...
PT-2026-48713
In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. If an attacker can make a pull request build satisf...
Cloud Foundry UAA和CloudFoundry CF Deployment 数据伪造问题漏洞
Cloud Foundry UAA is an identity verification and management service terminal developed by the Cloud Foundry Foundation in the United States, and it is used on the CloudFoundry platform. CloudFoundry CF Deployment is a code deployment component provided by the Cloud Foundry Foundation. Versions o...
Linux Distros Unpatched Vulnerability : CVE-2026-11774
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packe...
PT-2026-48711
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...
CVE-2026-48681
A flaw was found in OpenStack Ironic before 35.0.2. A directory traversal vulnerability during deployment allows an attacker to overwrite files on the system when a crafted ISO image is used. This can compromise confidentiality and integrity of files on the deployment target...
CVE-2026-42987
Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network...
Exploit for Improper Input Validation in Drupal
drupalgeddon2-cli A command-line rewrite of the Drupalged...
Fission 安全漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.23.0 contain security vulnerabilities. These vulnerabilities stem from the runtime Pod using the fission-fetcher ServiceAccount and automatically mounting tokens. User function code can rea...