Lucene search
+L

11 matches found

euvd
euvd
added 2026/04/14 3:10 a.m.4 views

EUVD-2026-22214

PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...

9.1CVSS5.8AI score0.00305EPSS
Exploits0References3
cvelist
cvelist
added 2026/04/14 3:10 a.m.38 views

CVE-2026-40313 PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence

PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...

9.1CVSS0.00305EPSS
Exploits0References3
osv
osv
added 2026/04/14 3:10 a.m.2 views

CVE-2026-40313 PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence

PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...

9.1CVSS6AI score0.00305EPSS
Exploits0References5
cve
cve
added 2026/04/14 3:10 a.m.24 views

CVE-2026-40313

Summary: PraisonAI versions ≤ 4.5.139 expose GitHub Actions credential leakage via ArtiPACKED attack due to actions/checkout persisting GITHUB_TOKEN (and sometimes ACTIONS_RUNTIME_TOKEN) in the repository’s .git/config when artifacts are uploaded from workflows. This can allow read-access users t...

9.1CVSS5.8AI score0.00305EPSS
Exploits0References3Affected Software1
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-9678

Malicious code in bioql PyPI...

8.7CVSS6.4AI score0.00381EPSS
Exploits0References4
nvd
nvd
added 2025/04/04 7:15 a.m.35 views

CVE-2025-32111

The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...

8.7CVSS0.00381EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2025/04/04 7:15 a.m.5 views

CVE-2025-32111

The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...

8.7CVSS7.3AI score0.00381EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/04/04 12:0 a.m.6 views

acme.sh 安全漏洞

acme.sh is a scripting tool in the acme.sh open source. A security vulnerability exists in versions of acme.sh prior to 40b6db6, which stems from a missing persist-credentials: false configuration in the github/workflows/dockerhub.yml file on which the Docker image is based...

8.7CVSS6AI score0.00381EPSS
Exploits0References3
cve
cve
added 2025/04/04 12:0 a.m.76 views

CVE-2025-32111

CVE-2025-32111 affects the acme.sh Docker image built from a .github/workflows/dockerhub.yml workflow. The root cause is that actions/checkout lacked persist-credentials: false, potentially exposing credentials. The provided metrics indicate high impact (CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/...

8.7CVSS7.2AI score0.00381EPSS
Exploits0References3
osv
osv
added 2025/04/04 12:0 a.m.19 views

CVE-2025-32111

The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...

8.7CVSS6.9AI score0.00381EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/04/04 12:0 a.m.12 views

PT-2025-14858 · Acme.Sh · Acme.Sh

Name of the Vulnerable Software and Affected Versions: acme.sh versions prior to 40b6db6 Description: The issue concerns a Docker image of acme.sh that is based on a .github/workflows/dockerhub.yml file. This file lacks the "persist-credentials: false" setting for actions/checkout, which may lead...

8.7CVSS6.3AI score0.00381EPSS
Exploits0References12
Rows per page
Query Builder