CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19 matches found

The Hacker News•added 2026/05/22 11:55 a.m.•18 views

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities build-bot, auto-ci, ci-bot, pipeline-bot, the attacke...

5.9AI score

Exploits0

ATTACKERKB•added 2026/02/04 4:47 p.m.•3 views

CVE-2026-25054

n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting XSS vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...

8.5CVSS5.4AI score0.00016EPSS

Exploits0References2Affected Software1

Snyk•added 2026/01/21 10:46 p.m.•2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of object names in the GetArtifactFile function. An attacker can execute arbitrary JavaScript in another user's browser by crafting malicious workflows that produce an HTML artifact enabling...

9CVSS6AI score0.00058EPSS

Exploits1References2

RedhatCVE•added 2026/01/13 10:53 p.m.•3 views

CVE-2025-14718

The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00015EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:34 a.m.•4 views

CVE-2024-41122

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...

8.8CVSS6.7AI score0.00314EPSS

Exploits0References1

NVD•added 2026/01/09 7:16 a.m.•7 views

CVE-2025-14718

5.4CVSS0.00015EPSS

Exploits0References2

Cvelist•added 2026/01/09 6:34 a.m.•28 views

CVE-2025-14718 Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow Manipulation

5.4CVSS0.00015EPSS

Exploits0References2

Positive Technologies•added 2026/01/09 12:0 a.m.•6 views

PT-2026-1750

Name of the Vulnerable Software and Affected Versions PublishPress Future versions through 4.9.3 Description The Schedule Post Changes With PublishPress Future plugin for WordPress has an authorization bypass issue. The plugin does not properly verify user authorization, allowing authenticated...

5.4CVSS6.5AI score0.00015EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-2240

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00314EPSS

Exploits0References9

Veracode•added 2024/07/25 5:58 p.m.•13 views

Code Injection

Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...

8.8CVSS7.2AI score0.00451EPSS

Exploits0References8Affected Software2

Veracode•added 2024/07/25 8:55 a.m.•13 views

Code Injection

8.8CVSS6.9AI score0.00314EPSS

Exploits0References7Affected Software2

NVD•added 2024/07/19 8:15 p.m.•14 views

CVE-2024-41122

8.8CVSS0.00314EPSS

Exploits0References5

NVD•added 2024/07/19 8:15 p.m.•11 views

CVE-2024-41121

8.8CVSS0.00451EPSS

Exploits0References6

Github Security Blog•added 2024/07/19 7:59 p.m.•11 views

Woodpecker's custom workspace allow to overwrite plugin entrypoint executable

Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...

8.8CVSS6.8AI score0.00451EPSS

Exploits0References10Affected Software2

OSV•added 2024/07/19 7:59 p.m.•10 views

GHSA-3WF2-2PQ4-4RVC Woodpecker's custom environment variables allow to alter execution flow of plugins

7.5CVSS8AI score0.00314EPSS

Exploits0References9

Github Security Blog•added 2024/07/19 7:59 p.m.•20 views

Woodpecker's custom environment variables allow to alter execution flow of plugins

8.8CVSS6.8AI score0.00314EPSS

Exploits0References9Affected Software2

OSV•added 2024/07/19 7:58 p.m.•14 views

CVE-2024-41122 Custom environment variables allow to alter execution flow of plugins in Woodpecker

7.5CVSS6.6AI score0.00314EPSS

Exploits0References7

Vulnrichment•added 2024/07/19 7:58 p.m.•13 views

CVE-2024-41122 Custom environment variables allow to alter execution flow of plugins in Woodpecker

7.5CVSS7.5AI score0.00314EPSS

Exploits0References5

OSV•added 2023/03/30 6:27 p.m.•18 views

CVE-2023-26482 Scope of workflow operations is not validated in nextcloud server

Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...

9CVSS8.7AI score0.51125EPSS

Exploits2References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by