Lucene search
K

27 matches found

GithubExploit
GithubExploit
added 2026/04/15 7:56 a.m.113 views

vuln-poc-generate-skill

vuln-poc-generate-skill A Codex skill project for generating...

6AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0985

Malicious code in bioql PyPI...

7.7CVSS7.5AI score0.00716EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-1023

Malicious code in bioql PyPI...

7.4CVSS6.2AI score0.01777EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.21 views

EUVD-2022-7245

Malicious code in bioql PyPI...

9.9CVSS9AI score0.01067EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0920

Malicious code in bioql PyPI...

7.5CVSS6.7AI score0.00986EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/03/15 3:29 a.m.10 views

CVE-2025-27616

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to ...

8.5CVSS6.5AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2025/03/10 7:15 p.m.10 views

CVE-2025-27616

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to ...

8.5CVSS0.00246EPSS
Exploits0References5
OSV
OSV
added 2025/03/10 6:56 p.m.9 views

CVE-2025-27616 Vela Server has Insufficient Webhook Payload Data Verification

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to ...

8.5CVSS6.3AI score0.00246EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/02/05 1:5 a.m.6 views

CVE-2024-28236

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

7.7CVSS7.8AI score0.00716EPSS
Exploits0References1
NVD
NVD
added 2024/03/12 9:15 p.m.39 views

CVE-2024-28236

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

7.7CVSS7.8AI score0.00716EPSS
Exploits0References2
Prion
Prion
added 2024/03/12 9:15 p.m.25 views

Input validation

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

4CVSS7.8AI score0.00716EPSS
Exploits0References2
CVE
CVE
added 2024/03/12 8:41 p.m.66 views

CVE-2024-28236

Vela CVE-2024-28236 describes insecure variable substitution in Vela’s pipelines (go-vela/worker) where substitution into fields such as parameters, image, and entrypoint can leak secrets by bypassing log masking. The issue arises when secrets are injected into a plugin/image and inadvertently pr...

7.7CVSS7.8AI score0.00716EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/03/12 8:41 p.m.32 views

CVE-2024-28236 Insecure Variable Substitution in Vela

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

7.7CVSS7.5AI score0.00716EPSS
Exploits0References4
NVD
NVD
added 2022/11/10 6:15 p.m.58 views

CVE-2022-39395

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to...

9.9CVSS0.01067EPSS
Exploits0References10
Prion
Prion
added 2022/11/10 6:15 p.m.16 views

Default configuration

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to...

6.5CVSS9.3AI score0.01067EPSS
Exploits0References10Affected Software3
Cvelist
Cvelist
added 2022/11/10 12:0 a.m.49 views

CVE-2022-39395 Vela Insecure Defaults

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to...

9.6CVSS9.6AI score0.01067EPSS
Exploits0References10
CVE
CVE
added 2022/11/10 12:0 a.m.122 views

CVE-2022-39395

CVE-2022-39395 : Vela’s default configuration allows container breakout in Vela Server/Worker (pre-0.16.0) and Vela UI (pre-0.17.0). Upgrading to Server 0.16.0, Worker 0.16.0, and UI 0.17.0 is required to fix the issue; after patching, admins must explicitly adjust defaults to their desired confi...

9.9CVSS9.3AI score0.01067EPSS
Exploits0References10Affected Software3
Vulnrichment
Vulnrichment
added 2022/11/10 12:0 a.m.10 views

CVE-2022-39395 Vela Insecure Defaults

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to...

9.6CVSS9.3AI score0.01067EPSS
Exploits0References10
OSV
OSV
added 2022/11/10 12:0 a.m.42 views

CVE-2022-39395 Vela Insecure Defaults

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to...

9.6CVSS8.8AI score0.01067EPSS
Exploits0References12
OSV
OSV
added 2021/04/09 6:15 p.m.14 views

CVE-2021-21432

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the /.netrc file. Refer to the referenced GitHub Security...

6.5CVSS6.8AI score
Exploits0References5
Rows per page
Query Builder