98 matches found
CVE-2025-9908 Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers such as X-Trusted-Proxy and X-Envoy- and event stream URLs via crafted requests and job...
EUVD-2019-7836
Malware in sbrugna...
EUVD-2022-28863
Malicious code in bioql PyPI...
EUVD-2022-28735
Malicious code in bioql PyPI...
EUVD-2022-28736
Malicious code in bioql PyPI...
EUVD-2025-19586
Malicious code in bioql PyPI...
EUVD-2025-19585
Malicious code in bioql PyPI...
EUVD-2022-28862
Malicious code in bioql PyPI...
Malicious code in @zalastax/nolb-_eda (npm)
The package @zalastax/nolb-eda was found to contain malicious code...
MAL-2025-42996 Malicious code in @zalastax/nolb-_eda (npm)
The package @zalastax/nolb-eda was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2022-23803
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and...
Malicious code in ot-eda-messages (npm)
The package ot-eda-messages was found to contain malicious code...
MAL-2025-28606 Malicious code in ot-eda-messages (npm)
The package ot-eda-messages was found to contain malicious code...
Malicious code in ot-eda-node (npm)
The package ot-eda-node was found to contain malicious code...
MAL-2025-28607 Malicious code in ot-eda-node (npm)
The package ot-eda-node was found to contain malicious code...
aap-gateway: CSRF origin checking is disabled
A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda...
event-driven-ansible: Authenticated Argument Injection in Git URL in EDA Project Creation
A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift...
event-driven-ansible: Template Injection via Git Branch and Refspec in EDA Projects
A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In...
CVE-2025-49521
A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In...
CVE-2025-49520
CVE-2025-49520 affects Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to git ls-remote, enabling an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift, this can lead to service accou...