827 matches found
EUVD-2022-3278
Malicious code in bioql PyPI...
EUVD-2023-0443
Malicious code in bioql PyPI...
EUVD-2023-27852
Malicious code in bioql PyPI...
EUVD-2024-35854
Malicious code in bioql PyPI...
CVE-2025-61584
serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through abd including 0.1.30 have a vulnerability where the pr.yml GitHub Action interpolates in an unsafe manner untrusted input, specifically the...
CVE-2025-61584
serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through abd including 0.1.30 have a vulnerability where the pr.yml GitHub Action interpolates in an unsafe manner untrusted input, specifically the...
CVE-2025-61584 serverless-dns is vulnerable to Command Injection through pr.yml GitHub Action Workflow
serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through abd including 0.1.30 have a vulnerability where the pr.yml GitHub Action interpolates in an unsafe manner untrusted input, specifically the...
CVE-2025-61584 serverless-dns is vulnerable to Command Injection through pr.yml GitHub Action Workflow
serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through abd including 0.1.30 have a vulnerability where the pr.yml GitHub Action interpolates in an unsafe manner untrusted input, specifically the...
CVE-2025-61584 serverless-dns is vulnerable to Command Injection through pr.yml GitHub Action Workflow
serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through abd including 0.1.30 have a vulnerability where the pr.yml GitHub Action interpolates in an unsafe manner untrusted input, specifically the...
PT-2025-39926
Name of the Vulnerable Software and Affected Versions serverless-dns versions through 0.1.30 Description serverless-dns is a RethinkDNS resolver that deploys to various platforms including Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. A flaw exists where the pr.yml GitHub Action interpolat...
Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: This...
PT-2025-37986
Here goes another merged PR: https://t.co/cRGKksIzUk Again, I contributed a nuclei template for CVE-2020-27516 at @pdnuclei...
CVE-2025-58371
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution RCE on the Actions runner...
CVE-2025-58371
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution RCE on the Actions runner...
CVE-2025-58371 Roo Code is vulnerable to command injection via GitHub actions workflow
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution RCE on the Actions runner...
CVE-2025-58371 Roo Code is vulnerable to command injection via GitHub actions workflow
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution RCE on the Actions runner...
PT-2025-36339
Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.26.6 and below Description: Roo Code is an AI-powered autonomous coding agent. A Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to achieve Remote Code Execution RCE on...
Linux Distros Unpatched Vulnerability : CVE-2025-47928
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using pullrequesttarget on...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via insufficient validation in the getConfigFile function in the UIConfigRest class. An attacker can gain unauthorized access to files located in directories that share a common prefix with the intended folder by...
Malicious Nx Packages in 's1ngularity' Attack Leaked 2,349 GitHub, Cloud, and AI Credentials
The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the popular npm package and other auxiliary plugins with data-gathering capabilities. "Malicious versions of the nx package, as well as some supporting plugin...