4 matches found
PT-2026-42815
Name of the Vulnerable Software and Affected Versions: wasmtime-wasi (affected versions not specified). Description: An access control mechanism bypass exists when a filesystem preopen is configured with DirPerms::all and FilePerms::READ without FilePerms::WRITE. This allows bypassing restrictions by...
Harden-Runner Security Vulnerability
Harden-Runner is an open-source program by StepSecurity. It provides network egress filtering and runtime security for both GitHub-hosted and self-hosted runners. Versions of Harden-Runner prior to 2.14.2 contained security vulnerabilities. These vulnerabilities allowed outbound network connections to...
CVE-2024-52587
The CVE applies to StepSecurity Harden-Runner. Versions prior to v2.10.2 contain multiple command-injection weaknesses via environment variables in setup.ts and arc-runner.ts, exploitable under specific conditions. However, the documentation notes that due to GitHub Actions pre-step execution ord...
Malicious Package
Overview: kfactionantiafk is a malicious package. It distributes Discord malware hosted on GitHub that can steal important host information and credentials. Remediation: Avoid using all malicious instances of the kfactionantiafk package. References: Injected Code. Credit: Snyk Research Team...