823 matches found
CVE-2025-61584
serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through abd including 0.1.30 have a vulnerability where the pr.yml GitHub Action interpolates in an unsafe manner untrusted input, specifically the...
CVE-2025-61584
serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through abd including 0.1.30 have a vulnerability where the pr.yml GitHub Action interpolates in an unsafe manner untrusted input, specifically the...
CVE-2025-61584 serverless-dns is vulnerable to Command Injection through pr.yml GitHub Action Workflow
serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through abd including 0.1.30 have a vulnerability where the pr.yml GitHub Action interpolates in an unsafe manner untrusted input, specifically the...
CVE-2025-61584 serverless-dns is vulnerable to Command Injection through pr.yml GitHub Action Workflow
serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through abd including 0.1.30 have a vulnerability where the pr.yml GitHub Action interpolates in an unsafe manner untrusted input, specifically the...
CVE-2025-61584 serverless-dns is vulnerable to Command Injection through pr.yml GitHub Action Workflow
serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through abd including 0.1.30 have a vulnerability where the pr.yml GitHub Action interpolates in an unsafe manner untrusted input, specifically the...
PT-2025-39926
Name of the Vulnerable Software and Affected Versions serverless-dns versions through 0.1.30 Description serverless-dns is a RethinkDNS resolver that deploys to various platforms including Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. A flaw exists where the pr.yml GitHub Action interpolat...
Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: This...
PT-2025-37986
Here goes another merged PR: https://t.co/cRGKksIzUk Again, I contributed a nuclei template for CVE-2020-27516 at @pdnuclei...
CVE-2025-58371
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution RCE on the Actions runner...
CVE-2025-58371
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution RCE on the Actions runner...
CVE-2025-58371 Roo Code is vulnerable to command injection via GitHub actions workflow
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution RCE on the Actions runner...
CVE-2025-58371 Roo Code is vulnerable to command injection via GitHub actions workflow
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution RCE on the Actions runner...
PT-2025-36339
Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.26.6 and below Description: Roo Code is an AI-powered autonomous coding agent. A Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to achieve Remote Code Execution RCE on...
Linux Distros Unpatched Vulnerability : CVE-2025-47928
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using pullrequesttarget on...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via insufficient validation in the getConfigFile function in the UIConfigRest class. An attacker can gain unauthorized access to files located in directories that share a common prefix with the intended folder by...
Malicious Nx Packages in 's1ngularity' Attack Leaked 2,349 GitHub, Cloud, and AI Credentials
The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the popular npm package and other auxiliary plugins with data-gathering capabilities. "Malicious versions of the nx package, as well as some supporting plugin...
GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation
Summary A query depth restriction using the max-depth property can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the countDepth function, we have the following check for the ignoreIntrospection option...
traQ Allows Insertion of Sensitive Information into Log File
Impact A vulnerability exists where sensitive information, such as OAuth tokens, is recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an SQL error by methods such as placing a high load on the database. This could allow an...
Linux Distros Unpatched Vulnerability : CVE-2023-32732
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin...
Linux Distros Unpatched Vulnerability : CVE-2025-47947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable t...