Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

181 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/08 10:24 p.m.3 views

CVE-2026-42298

Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow .github/workflows/pr-docker-build.yml allows any unauthenticated user to execute arbitrary code during the Docker build process and exfiltrate a...

10CVSS6.1AI score0.00504EPSS
Exploits0References3
CVE
CVEadded 2026/05/08 10:24 p.m.12 views

CVE-2026-42298

CVE-2026-42298 affects Postiz (AI social media scheduling tool). The issue arises in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml), where an unauthenticated user can cause arbitrary code execution during Docker image build by submitting a fork with a malic...

10CVSS6.1AI score0.00504EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/08 12:0 a.m.10 views

PT-2026-39212

Name of the Vulnerable Software and Affected Versions Postiz versions prior to commit da44801 Description A Pwn Request issue in the Build and Publish PR Docker Image workflow located in '.github/workflows/pr-docker-build.yml' allows unauthenticated users to execute arbitrary code during the Dock...

10CVSS6.2AI score0.00504EPSS
Exploits0References9
SUSE CVE
SUSE CVEadded 2026/04/28 1:34 a.m.4 views

SUSE CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

7.4CVSS5.4AI score0.00281EPSS
Exploits1References3
Tenable Nessus
Tenable Nessusadded 2026/04/27 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-41414

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork co...

7.4CVSS5.9AI score0.00281EPSS
Exploits1References2
NVD
NVDadded 2026/04/24 7:17 p.m.3 views

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

7.4CVSS0.00281EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/04/24 6:32 p.m.5 views

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

7.4CVSS5.4AI score0.00281EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/04/24 6:32 p.m.4 views

CVE-2026-41414 Skim: Arbitrary code execution via pull_request_target fork checkout in pr.yml

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

7.4CVSS5.4AI score0.00281EPSS
Exploits1References2
EUVD
EUVDadded 2026/04/24 6:32 p.m.2 views

EUVD-2026-25596

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

7.4CVSS5.3AI score0.00281EPSS
Exploits1References2
CVE
CVEadded 2026/04/24 6:32 p.m.10 views

CVE-2026-41414

CVE-2026-41414 affects Skim. The vulnerability allows arbitrary code execution via the generate-files workflow in .github/workflows/pr.yml, where the workflow checks out code from an attacker-controlled fork and runs it with access to SKIM_RS_BOT_PRIVATE_KEY and GITHUB_TOKEN (contents:write). No ...

7.4CVSS5.4AI score0.00281EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinuxadded 2026/04/24 6:32 p.m.6 views

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

7.4CVSS5.9AI score0.00281EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2026/04/24 12:0 a.m.5 views

PT-2026-35057

Name of the Vulnerable Software and Affected Versions Skim affected versions not specified Description The generate-files job in the '.github/workflows/pr.yml' file checks out code from an attacker-controlled fork and executes it via the cargo run command. This process allows access to the SKIM R...

7.4CVSS5.3AI score0.00281EPSS
Exploits1References11
RedhatCVE
RedhatCVEadded 2026/04/23 11:20 p.m.1 views

CVE-2026-40161

A flaw was found in Tekton Pipelines. A tenant with permissions to create TaskRun or PipelineRun resources can exploit this vulnerability. By omitting the Git API token parameter and pointing the serverURL to an attacker-controlled endpoint, the system-configured Git API token such as a GitHub...

7.7CVSS5.7AI score0.0026EPSS
Exploits0References6
SUSE CVE
SUSE CVEadded 2026/04/23 1:23 a.m.7 views

SUSE CVE-2026-40903

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUBTOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...

9.1CVSS5.8AI score0.00245EPSS
Exploits0References3
Snyk
Snykadded 2026/04/22 5:6 p.m.2 views

Unsafe Dependency Resolution

Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the artifact creation process. An attacker can gain unauthorized access to sensitive credentials by extracting workflow artifacts containing the GITHUBTOKEN. Remediation Upgrade...

9.3CVSS5.5AI score0.00245EPSS
Exploits0References2
Snyk
Snykadded 2026/04/22 5:6 p.m.3 views

Unsafe Dependency Resolution

Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the artifact creation process. An attacker can gain unauthorized access to sensitive credentials by extracting workflow artifacts containing the GITHUBTOKEN. Remediation Upgrade...

9.3CVSS5.8AI score0.00245EPSS
Exploits0References2
NVD
NVDadded 2026/04/21 8:17 p.m.5 views

CVE-2026-40903

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUBTOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...

9.1CVSS0.00245EPSS
Exploits0References1
CVE
CVEadded 2026/04/21 7:43 p.m.13 views

CVE-2026-40903

CVE-2026-40903 – Goshs ArtiPACKED vulnerability : goshs is a SimpleHTTPServer written in Go. Before 2.0.0-beta.6, it is affected by an ArtiPACKED vulnerability that can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even if the token is not present in the repository source code. ...

9.1CVSS5.8AI score0.00245EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2026/04/21 7:43 p.m.3 views

EUVD-2026-24282

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUBTOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...

9.1CVSS5.8AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/04/21 7:43 p.m.30 views

CVE-2026-40903 Goshs - ArtiPACKED Vulnerability – GitHub Actions Credential Persistence

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUBTOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...

9.1CVSS0.00245EPSS
Exploits0References1
Rows per page
Query Builder