Lucene search
K

4 matches found

NVD
NVD
added 2026/06/11 7:16 p.m.8 views

CVE-2026-47174

In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. If an attacker can make a pull request build satisf...

9.5CVSS0.00312EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 6:46 p.m.9 views

EUVD-2026-36290

In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. If an attacker can make a pull request build satisf...

9.5CVSS5.3AI score0.00312EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Duck Site 安全漏洞

Duck Site is a website content management tool open source by the Duck Organization. Versions of Duck Site prior to 1.0.1 contained security vulnerabilities. These vulnerabilities stemmed from improper deployment of workflow condition checks, which could allow attacker-controlled pull request cod...

9.5CVSS5.3AI score0.00312EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.15 views

PT-2026-48713

In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. If an attacker can make a pull request build satisf...

9.5CVSS5.3AI score0.00312EPSS
Exploits0References2
Rows per page
Query Builder