Lucene search
K

22 matches found

CVE
CVE
added 6 days ago7 views

CVE-2026-59821

LiteLLM is a proxy/AI Gateway for LLM API calls. A vulnerability exists in production create/update paths of Custom Code Guardrails before version 1.82.0-stable, where sandboxing/validation was not applied consistently with the test endpoint, allowing a privileged user to submit custom Python cod...

7.2CVSS6AI score0.00288EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-59821 LiteLLM: Custom Code Guardrails production endpoints bypass code safety checks

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.82.0-stable, LiteLLM's Custom Code Guardrails production create and update paths did not apply the same sandboxing and validation used by the test endpoint, allowing a privileged user with access to creat...

2.1CVSS0.00288EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:50 a.m.8 views

CVE-2026-3198

MLflow 3.9.0 with basic-auth --app-name basic-auth fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the BEFOREREQUESTHANDLERS dictionary in mlflow/server/auth/init.py does not include entries for ListGatewaySecretInfos, ListGatewayEndpoints, and...

6.5CVSS6.6AI score0.00244EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/06/01 12:0 a.m.12 views

KubeSec V1 Kubernetes Scanner

KubeSec is a Kubernetes security auditing tool designed to identify dangerous RBAC permissions, insecure pod configurations, exposed secrets, privileged workloads, risky host mounts, weak network exposure, and cluster hardening weaknesses across Kubernetes environments. performs automated read-on...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.5 views

Aqua Security Trivy 0.69.4 Supply Chain Compromise (GHSA-69fq-xp46-6x23)

The version of Aqua Security Trivy installed on the remote host is 0.69.4. This version was published by a threat actor using compromised credentials as part of a supply chain attack. The malicious release contains credential-stealing malware designed to exfiltrate secrets such as SSH keys, cloud...

9.4CVSS6.1AI score0.60368EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2025/08/08 5:8 p.m.13 views

The AuthKit Remix Library renders sensitive auth data in HTML

Summary Before 0.15.0, @workos-inc/authkit-remix returned sensitive authentication artifacts from the authkitLoader, specifically sealedSession and accessToken. Because these values were returned from the loader, they were embedded into the server-rendered HTML and became readable by any script...

7.1CVSS6.1AI score0.00364EPSS
Exploits0References7Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2025/03/24 12:0 a.m.27 views

reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability

reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs...

8.6CVSS7.4AI score0.02296EPSS
In wildExploits2
RedhatCVE
RedhatCVE
added 2025/03/21 3:19 p.m.11 views

CVE-2025-30154

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v...

8.6CVSS7.4AI score0.02296EPSS
Exploits2References1
NVD
NVD
added 2025/03/19 4:15 p.m.15 views

CVE-2025-30154

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v...

8.6CVSS0.02296EPSS
Exploits2References6
Github Security Blog
Github Security Blog
added 2025/03/19 3:19 p.m.25 views

Multiple Reviewdog actions were compromised during a specific time period

Summary reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v1 would also be compromised, regardless of version or pinni...

8.6CVSS7AI score0.02296EPSS
Exploits2References8Affected Software1
OSV
OSV
added 2025/03/19 3:19 p.m.9 views

GHSA-QMG3-HPQR-GQVC Multiple Reviewdog actions were compromised during a specific time period

Summary reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v1 would also be compromised, regardless of version or pinni...

8.6CVSS8.7AI score0.02296EPSS
Exploits2References8
Vulnrichment
Vulnrichment
added 2025/03/19 3:15 p.m.8 views

CVE-2025-30154 Multiple Reviewdog actions were compromised during a specific time period

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v...

8.6CVSS8.7AI score0.02296EPSS
Exploits2References5
CVE
CVE
added 2025/03/19 3:15 p.m.308 views

CVE-2025-30154

CVE-2025-30154 involves the GitHub Action reviewdog/action-setup@v1, which was compromised on 2025-03-11 (18:42–20:31 UTC). The malicious code dumps exposed secrets to GitHub Actions workflow logs. Related reviewdog actions that rely on action-setup@v1 (including action-shellcheck, action-composi...

8.6CVSS8.7AI score0.02296EPSS
In wildExploits2References6Affected Software6
OSV
OSV
added 2025/03/19 3:15 p.m.10 views

CVE-2025-30154 Multiple Reviewdog actions were compromised during a specific time period

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v...

8.6CVSS8.5AI score0.02296EPSS
Exploits2References8
Cvelist
Cvelist
added 2025/03/19 3:15 p.m.49 views

CVE-2025-30154 Multiple Reviewdog actions were compromised during a specific time period

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v...

8.6CVSS0.02296EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2025/03/19 12:0 a.m.15 views

CVE-2025-30154

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v...

8.6CVSS7.4AI score0.02296EPSS
In wildExploits2References6
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.5 views

PT-2025-4855 · Argo Cd +1 · Argo Cd +1

Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to v2.13.4 Argo CD versions prior to v2.12.10 Argo CD versions prior to v2.11.13 Description: A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid...

10CVSS7AI score0.02652EPSS
Exploits4References88
NVD
NVD
added 2025/01/23 6:15 p.m.8 views

CVE-2024-55928

Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption...

7.5CVSS0.00143EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/04/11 11:32 a.m.22 views

Python's PyPI Reveals Its Secrets

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/04/11 11:32 a.m.37 views

Python's PyPI Reveals Its Secrets

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in...

7.3AI score
Exploits0
Rows per page
Query Builder