11 matches found
CVE-2026-56815
pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor...
CVE-2026-56815
pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor...
CVE-2026-56815
The CVE-2026-56815 entry concerns the pwnlift project, specifically a symlink following vulnerability in the upload handler located at Components/Pages/Home.razor, exploitable in a privileged deployment. Root cause is described as a symlink following issue within the upload handler. The CVSS 3.1 ...
PT-2026-51524
Name of the Vulnerable Software and Affected Versions pwnlift versions prior to d7a9544 Description In a privileged deployment, the upload handler in 'Components/Pages/Home.razor' contains a symlink following issue. This occurs when the application follows symbolic links files that point to anoth...
CVE-2026-47172
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...
CVE-2026-47174 Duck Site: Untrusted pull request code can trigger privileged production deployment
In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. If an attacker can make a pull request build satisf...
CVE-2026-47174
Technical details such as affected components, versions, exploit paths, and fixes are not provided in the supplied documents; monitor for updates.
CVE-2026-47172
Quest Bot (open-source Discord bot) contains a privilege escalation in the deploy workflow prior to v1.0.3. The repository’s privileged deploy workflow runs after the unprivileged build, and when a PR from a main branch is opened, the deploy workflow can check out the PR head_sha, build it into a...
EUVD-2026-36300
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...
CVE-2026-47172 Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment.
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...
CVE-2026-47172 Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment.
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...