29746 matches found
EUVD-2022-34563
Malicious code in bioql PyPI...
Arbitrary Code Injection
Overview: @anthropic-ai/claude-code is a package that lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Code Injection via th...
CVE-2025-61584
serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through and including 0.1.30 have a vulnerability where the pr.yml GitHub Action interpolates untrusted input in an unsafe manner, specifically the...
GHSA-P3X5-MVMP-5F35
creationtimestamp | type | source
---|---|---
2025-10-02 12:35:16+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115304596433685168...
CVE-2025-54286
creationtimestamp | type | source
---|---|---
2025-10-02 08:34:22+00:00 | published-proof-of-concept | https://github.com/canonical/lxd/security/advisories/GHSA-p8hw-rfjg-689h
2025-10-02 10:18:15+00:00 | seen | https://gist.github.com/Darkcrai86/1a05ab43d43c7d24c36e62588bc31ace
2025-10-02 13:55:18+00:0... | |
CVE-2025-27223
creationtimestamp | type | source
---|---|---
2025-10-01 18:49:45+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-27223.yaml
2025-10-02 21:02:26+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m2ahapki2u26
2025-10-18... | |
unserialize-exploit
🎯 unserialize-exploit - Explore PHP Unserialization Exploits...
CVE-2025-59537
creationtimestamp | type | source
---|---|---
2025-09-30 16:58:40+00:00 | published-proof-of-concept | https://github.com/argoproj/argo-cd/security/advisories/GHSA-wp4p-9pxh-cgx2...
CVE-2025-59531
creationtimestamp | type | source
---|---|---
2025-09-30 16:58:31+00:00 | published-proof-of-concept | https://github.com/argoproj/argo-cd/security/advisories/GHSA-f9gq-prrc-hrhc...
Empowering defenders in the era of agentic AI with Microsoft Sentinel
Microsoft unveils a new wave of security innovation—delivering an agentic platform to protect organizations at scale We are living through a turning point in how organizations work and defend themselves. Across industries, “Frontier Firms” are emerging; these are businesses where humans and AI...
CVE-2025-61584
serverless-dns (versions up to 0.1.30) contains a vulnerability in the pr.yml GitHub Action where unsafe input (github.event.pull_request.head.repo.clone_url and github.head_ref) is interpolated into a command executed by the runner. Because the action uses the pull_request_target trigger, it run...
PT-2025-39926
Name of the Vulnerable Software and Affected Versions: serverless-dns versions through 0.1.30
Description: serverless-dns is a RethinkDNS resolver that deploys to various platforms including Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. A flaw exists where the pr.yml GitHub Action interpolat...
serverless-dns Command Injection Vulnerability
serverless-dns is an open source DNS resolver from the serverless-dns project. A command injection vulnerability exists in serverless-dns version 0.1.30 and earlier; it stems from the pr.yml GitHub Action inserting untrusted input in an insecure manner, which could lead to the execution of attacker code...
j178/prek-action vulnerable to arbitrary code injection in composite action
Summary: There are three potential arbitrary code injection vectors in the composite action at action.yml. Details: The GitHub Action variables inputs.prek-version, inputs.extraargs, and inputs.extra-args can be used to execute arbitrary code in the context of the action. PoC yaml ...
CodeQL zero to hero part 5: Debugging queries
When you're first getting started with CodeQL, you may find yourself in a situation where a query doesn't return the results you expect. Debugging these queries can be tricky, because CodeQL is a Prolog-like language with an evaluation model that's quite different from mainstream languages like...
CVE-2025-54249
creationtimestamp | type | source
---|---|---
2025-09-29 03:18:25+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-54249.yaml
2025-09-30 21:02:43+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m23gd7gjji2j
2025-10-18... | |
CVE-2025-59844
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in the SonarQube GitHub Action from version 4.0.0 up to, but not including, version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...
CVE-2025-59844
The CVE-2025-59844 entry pertains to SonarQube Scan Action (GitHub Action). A command injection vulnerability exists in versions from 4.0.0 up to, but not including, 6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This root cause allows arbitrar...