Lucene search
K

156 matches found

Cvelist
Cvelist
added 2026/03/20 8:37 a.m.26 views

CVE-2026-33075 FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...

9.4CVSS0.00297EPSS
Exploits1References1
OSV
OSV
added 2026/03/20 8:37 a.m.11 views

CVE-2026-33075 FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...

9.4CVSS6.4AI score0.00297EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/20 8:37 a.m.8 views

EUVD-2026-13645

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...

9.4CVSS6.4AI score0.00297EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.10 views

PT-2026-26590

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pull request target which runs with access to repository secrets but checks out...

9.4CVSS6.4AI score0.00297EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.9 views

CVE-2026-27941

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS5.5AI score0.00395EPSS
Exploits1References1
NVD
NVD
added 2026/02/26 2:16 a.m.13 views

CVE-2026-27941

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS0.00395EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/26 1:17 a.m.25 views

CVE-2026-27941 OpenLIT Vulnerable to Remote Code Execution and Secret Exposure via Misuse of `pull_request_target` in GitHub Actions Workflows

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS0.00395EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/26 1:17 a.m.7 views

EUVD-2026-8804

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS5.6AI score0.00395EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/26 1:17 a.m.7 views

CVE-2026-27941

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS5.6AI score0.00395EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/26 1:17 a.m.7 views

CVE-2026-27941 OpenLIT Vulnerable to Remote Code Execution and Secret Exposure via Misuse of `pull_request_target` in GitHub Actions Workflows

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS5.7AI score0.00395EPSS
Exploits1References4
CVE
CVE
added 2026/02/26 1:17 a.m.26 views

CVE-2026-27941

OpenLIT prior to v1.37.1 used GitHub Actions workflows that employed pull_request_target to check out and run untrusted code from forks. This created a risk where workflows executed with the security context of the base repository, including a write-privileged GITHUB_TOKEN and sensitive secrets (...

9.9CVSS5.6AI score0.00395EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.14 views

PT-2026-22081

Name of the Vulnerable Software and Affected Versions OpenLIT versions prior to 1.37.1 Description OpenLIT, an open source AI engineering platform, has an issue in GitHub Actions workflows prior to version 1.37.1. These workflows use the pull request target event and execute untrusted code from...

9.9CVSS6.2AI score0.00395EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2026/01/31 3:21 p.m.8 views

CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

10CVSS6.2AI score0.00504EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-24480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QGIS is a free, open source, cross platform geographical information system GIS The repository contains a GitHub Actions workflow called pre-commit checks that,...

8.7CVSS6.4AI score0.00414EPSS
Exploits0References2
NVD
NVD
added 2026/01/30 10:15 a.m.9 views

CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

10CVSS0.00504EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/30 9:57 a.m.3 views

CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

10CVSS6AI score0.00504EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/30 9:57 a.m.5 views

CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

10CVSS6.2AI score0.00504EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/30 9:57 a.m.34 views

CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

10CVSS0.00504EPSS
Exploits1References1
CVE
CVE
added 2026/01/30 9:57 a.m.15 views

CVE-2026-1699

CVE-2026-1699 concerns the Eclipse Theia Website repository. The issue: the GitHub Actions workflow .github/workflows/preview.yml used the pull_request_target trigger while checking out and executing untrusted PR code. This allowed any GitHub user to run arbitrary code in the repository’s CI envi...

10CVSS6.2AI score0.00504EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.9 views

Eclipse Theia – Website security vulnerabilities

Eclipse Theia - Website is an development environment framework created by the Eclipse Foundation. There is a security vulnerability in Eclipse Theia - Website, which stems from the use of pullrequesttarget triggers in GitHub Actions workflows to execute untrusted code. This vulnerability may lea...

10CVSS6.2AI score0.00504EPSS
Exploits1References2
Rows per page
Query Builder