
93 matches found

OSV
added 2026/05/06 3:28 a.m., 1 view

USN-8230-1 docker.io-app vulnerabilities

It was discovered that BuildKit, contained within Docker, incorrectly handled file path validation when processing frontend API messages. An attacker could possibly use this issue to write files outside of the intended state directory. CVE-2026-33747 It was discovered that BuildKit, contained...

CVSS 9.8, AI score 5.8, EPSS 0.0006
Exploits 0, References 3
Tenable Nessus
added 2026/03/30 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-33748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient...

CVSS 8.2, AI score 7.1, EPSS 0.0003
Exploits 0, References 3
NVD
added 2026/03/27 3:16 p.m., 2 views

CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

CVSS 8.2, EPSS 0.0003
Exploits 0, References 3
AlpineLinux
added 2026/03/27 2:0 p.m., 1 view

CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

CVSS 8.2, AI score 5.8, EPSS 0.0003
Exploits 0
ATTACKERKB
added 2026/03/27 2:0 p.m., 2 views

CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

CVSS 8.2, AI score 5.8, EPSS 0.0003
Exploits 0, References 4, Affected Software 1
Snyk
added 2026/03/26 6:27 p.m., 3 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack when processing Git URL fragment subdir components. An attacker can access files outside the intended Git repository root by specifying a crafted subdir value in the URL fragment. Note: This is only exploitable if builds...

CVSS 8.2, AI score 5.9, EPSS 0.0003
Exploits 0, References 3
Github Security Blog
added 2026/03/26 6:27 p.m., 1 view

BuildKit Git URL subdir component can cause access to restricted files

Impact Insufficient validation of Git URL fragment subdir components :, docs may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. Patches The issue has been fixed in version v0.28.1 Workarounds The issue affects...

CVSS 8.2, AI score 5.7, EPSS 0.0003
Exploits 0, References 5, Affected Software 1
Snyk
added 2026/03/26 6:27 p.m., 2 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack when processing Git URL fragment subdir components. An attacker can access files outside the intended Git repository root by specifying a crafted subdir value in the URL fragment. Note: This is only exploitable if builds...

CVSS 8.2, AI score 5.9, EPSS 0.0003
Exploits 0, References 3
CNVD
added 2026/01/09 12:0 a.m., 3 views

ComfyUI-Manager CRLF Injection Vulnerability

ComfyUI is a popular node-based Stable Diffusion GUI widely used for building and executing AI image generation workflows. ComfyUI-Manager is an extension manager plugin for ComfyUI to simplify the management of installations of custom nodes, models and dependencies. ComfyUI-Manager suffers from a...

AI score 6.3
Exploits 0, References 1
EUVD
added 2025/10/27 8:15 p.m., 3 views

EUVD-2025-33395

BBOT's gitlab.py exposes globally configured "gitlab" API key...

CVSS 4.7, AI score 6.4, EPSS 0.00029
Exploits 0, References 3
EUVD
added 2025/10/09 10:29 p.m., 1 view

EUVD-2025-33396

BBOT's gitclone.py can expose users' GitHub API keys to an attacker-controlled webserver...

CVSS 4.7, AI score 6.4, EPSS 0.00031
Exploits 0, References 4
NVD
added 2025/10/09 4:15 p.m., 7 views

CVE-2025-10282

BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...

CVSS 4.7, EPSS 0.00029
Exploits 0, References 1
NVD
added 2025/10/09 4:15 p.m., 3 views

CVE-2025-10281

BBOT's gitclone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL...

CVSS 4.7, EPSS 0.00031
Exploits 0, References 1
Cvelist
added 2025/10/09 3:46 p.m., 7 views

CVE-2025-10282 GitLab Domain Confusion in gitlab Leaks API Key

BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...

CVSS 4.7, EPSS 0.00029
Exploits 0, References 1
Vulnrichment
added 2025/10/09 3:46 p.m., 3 views

CVE-2025-10282 GitLab Domain Confusion in gitlab Leaks API Key

BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...

CVSS 4.7, AI score 6.3, EPSS 0.00029
Exploits 0, References 1
CNNVD
added 2025/10/09 12:0 a.m., 2 views

BBOT Security Vulnerability

BBOT is a recursive Internet scanner open-sourced by Black Lantern Security. BBOT suffers from a security vulnerability that stems from a maliciously formatted git URL that could lead to the disclosure of GitLab API keys to an attacker-controlled server...

CVSS 4.7, AI score 6.3, EPSS 0.00029
Exploits 0, References 2
Positive Technologies
added 2025/10/09 12:0 a.m., 2 views

PT-2025-41395

Name of the Vulnerable Software and Affected Versions BBOT affected versions not specified Description The gitlab module in BBOT may allow an attacker to disclose a GitLab API key to a server under their control by using a maliciously formatted git URL. This could potentially lead to unauthorized...

CVSS 4.7, AI score 6.2, EPSS 0.00029
Exploits 0, References 7
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-4672

Malware in sbrugna...

CVSS 8.4, AI score 8.1, EPSS 0.00548
Exploits 1, References 11
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-29135

Malicious code in bioql PyPI...

CVSS 6.5, AI score 5.8, EPSS 0.00748
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-1869

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.5, EPSS 0.00085
Exploits 1, References 5