
29746 matches found

EUVD
added 2025/10/03 8:07 p.m. | 8 views

EUVD-2022-34563

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 6.5 | EPSS 0.03096
Exploits: 1 | References: 2

Snyk
added 2025/10/03 2:16 p.m. | 2 views

Arbitrary Code Injection

Overview: @anthropic-ai/claude-code is a package that lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Code Injection via th...

CVSS 8.8 | AI score 7.7 | EPSS 0.30227
Exploits: 6 | References: 2

RedhatCVE
added 2025/10/02 8:39 p.m. | 12 views

CVE-2025-61584

serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through and including 0.1.30 have a vulnerability where the pr.yml GitHub Action interpolates untrusted input in an unsafe manner, specifically the...

CVSS 10 | AI score 7.2 | EPSS 0.00342
Exploits: 0 | References: 1

Circl
added 2025/10/02 12:35 p.m. | 3 views

GHSA-P3X5-MVMP-5F35

creationtimestamp | type | source
---|---|---
2025-10-02 12:35:16+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115304596433685168...

AI score 5.8
Exploits: 0 | References: 1

Circl
added 2025/10/02 8:34 a.m. | 27 views

CVE-2025-54286

creationtimestamp | type | source
---|---|---
2025-10-02 08:34:22+00:00 | published-proof-of-concept | https://github.com/canonical/lxd/security/advisories/GHSA-p8hw-rfjg-689h
2025-10-02 10:18:15+00:00 | seen | https://gist.github.com/Darkcrai86/1a05ab43d43c7d24c36e62588bc31ace
2025-10-02 13:55:18+00:0...

CVSS 8.8 | AI score 5.7 | EPSS 0.00118
Exploits: 1 | References: 11

Circl
added 2025/10/01 6:49 p.m. | 8 views

CVE-2025-27223

creationtimestamp | type | source
---|---|---
2025-10-01 18:49:45+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-27223.yaml
2025-10-02 21:02:26+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m2ahapki2u26
2025-10-18...

CVSS 7.5 | AI score 5.8 | EPSS 0.0212
Exploits: 1 | References: 3

GithubExploit
added 2025/10/01 9:56 a.m. | 171 views

unserialize-exploit

🎯 unserialize-exploit - Explore PHP Unserialization Exploits...

AI score 7.4
Exploits: 0

Circl
added 2025/09/30 4:58 p.m. | 4 views

CVE-2025-59537

creationtimestamp | type | source
---|---|---
2025-09-30 16:58:40+00:00 | published-proof-of-concept | https://github.com/argoproj/argo-cd/security/advisories/GHSA-wp4p-9pxh-cgx2...

CVSS 7.5 | AI score 7.3 | EPSS 0.00563
Exploits: 1 | References: 1

Circl
added 2025/09/30 4:58 p.m. | 4 views

CVE-2025-59531

creationtimestamp | type | source
---|---|---
2025-09-30 16:58:31+00:00 | published-proof-of-concept | https://github.com/argoproj/argo-cd/security/advisories/GHSA-f9gq-prrc-hrhc...

CVSS 7.5 | AI score 7.3 | EPSS 0.00549
Exploits: 1 | References: 1

Microsoft Secure
added 2025/09/30 1:00 p.m. | 6 views

Empowering defenders in the era of agentic AI with Microsoft Sentinel

Microsoft unveils a new wave of security innovation—delivering an agentic platform to protect organizations at scale. We are living through a turning point in how organizations work and defend themselves. Across industries, “Frontier Firms” are emerging; these are businesses where humans and AI...

AI score 7.1
Exploits: 0

NVD
added 2025/09/30 11:37 a.m. | 23 views

CVE-2025-61584

serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through and including 0.1.30 have a vulnerability where the pr.yml GitHub Action interpolates untrusted input in an unsafe manner, specifically the...

CVSS 10 | EPSS 0.00342
Exploits: 0 | References: 2

CVE
added 2025/09/30 12:12 a.m. | 19 views

CVE-2025-61584

serverless-dns (versions up to 0.1.30) contains a vulnerability in the pr.yml GitHub Action where unsafe input (github.event.pull_request.head.repo.clone_url and github.head_ref) is interpolated into a command executed by the runner. Because the action uses the pull_request_target trigger, it run...

CVSS 10 | AI score 7 | EPSS 0.00342
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/30 12:00 a.m. | 8 views

PT-2025-39926

Name of the Vulnerable Software and Affected Versions: serverless-dns versions through 0.1.30
Description: serverless-dns is a RethinkDNS resolver that deploys to various platforms including Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. A flaw exists where the pr.yml GitHub Action interpolat...

CVSS 10 | AI score 7.1 | EPSS 0.00342
Exploits: 0 | References: 7

CNNVD
added 2025/09/30 12:00 a.m. | 3 views

serverless-dns command injection vulnerability

serverless-dns is an open-source DNS resolver from serverless-dns. A command injection vulnerability exists in serverless-dns version 0.1.30 and earlier. It stems from the pr.yml GitHub Action inserting untrusted input in an insecure manner, which could lead to the execution of attacker code...

CVSS 10 | AI score 7.5 | EPSS 0.00342
Exploits: 0 | References: 2

Github Security Blog
added 2025/09/29 5:51 p.m. | 8 views

j178/prek-action vulnerable to arbitrary code injection in composite action

Summary: There are three potential attacks of arbitrary code injection vulnerability in the composite action at action.yml.
Details: The GitHub Action variables inputs.prek-version, inputs.extraargs, and inputs.extra-args can be used to execute arbitrary code in the context of the action.
PoC: yaml ...

AI score 8
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2025/09/29 3:00 p.m. | 5 views

CodeQL zero to hero part 5: Debugging queries

When you're first getting started with CodeQL, you may find yourself in a situation where a query doesn't return the results you expect. Debugging these queries can be tricky, because CodeQL is a Prolog-like language with an evaluation model that's quite different from mainstream languages like...

AI score 7.3
Exploits: 0

Circl
added 2025/09/29 3:18 a.m. | 3 views

CVE-2025-54249

creationtimestamp | type | source
---|---|---
2025-09-29 03:18:25+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-54249.yaml
2025-09-30 21:02:43+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m23gd7gjji2j
2025-10-18...

CVSS 6.5 | AI score 4.8 | EPSS 0.01811
Exploits: 0 | References: 4

RedhatCVE
added 2025/09/27 4:46 p.m. | 18 views

CVE-2025-59844

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action from version 4.0.0 up to, but not including, version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...

CVSS 7.7 | AI score 7.8 | EPSS 0.01507
Exploits: 0 | References: 1

NVD
added 2025/09/26 5:15 p.m. | 4 views

CVE-2025-59844

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action from version 4.0.0 up to, but not including, version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...

CVSS 7.7 | EPSS 0.01507
Exploits: 0 | References: 3

CVE
added 2025/09/26 4:24 p.m. | 20 views

CVE-2025-59844

The CVE-2025-59844 entry pertains to SonarQube Scan Action (GitHub Action). A command injection vulnerability exists in versions from 4.0.0 up to, but not including, 6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This root cause allows arbitrar...

CVSS 7.7 | AI score 7.4 | EPSS 0.01507
Exploits: 0 | References: 3
