CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

222 matches found

CVE•added 2026/01/22 10:1 p.m.•14 views

CVE-2026-20888

Summary: CVE-2026-20888 affects Gitea’s web interface for scheduled auto-merges. The root cause is improper authorization verification when canceling scheduled auto-merges via the web UI. What is affected: Gitea, specifically the ability to cancel auto-merges scheduled by other users, even when a...

4.3CVSS5.4AI score0.00303EPSS

Exploits0References5Affected Software1

RedhatCVE•added 2026/01/14 9:18 p.m.•10 views

CVE-2026-22869

Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow .github/workflows/ci.yml allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses pullrequesttarget trigger combined with checkout of untrusted PR...

9.8CVSS7.8AI score0.00546EPSS

Exploits1References1

NVD•added 2026/01/13 9:15 p.m.•5 views

CVE-2026-22869

9.8CVSS0.00546EPSS

Exploits1References4

EUVD•added 2026/01/13 8:38 p.m.•3 views

EUVD-2026-2414

9.3CVSS7.4AI score0.00546EPSS

Exploits1References4

OSV•added 2026/01/13 8:38 p.m.•3 views

CVE-2026-22869 Eigent Allows Arbitrary Code Execution via pull_request_target CI Workflow

9.3CVSS7.8AI score0.00546EPSS

Exploits1References6

CVE•added 2026/01/13 8:38 p.m.•32 views

CVE-2026-22869

Eigent’s CVE-2026-22869 affects its CI workflow (.github/workflows/ci.yml) used in the Eigent multi‑agent Workforce. The vulnerability arises from using the pull_request_target trigger in combination with checking out untrusted PR code, enabling arbitrary code execution from fork pull requests wi...

9.8CVSS7.5AI score0.00546EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/01/13 12:0 a.m.•4 views

PT-2026-2803

Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow .github/workflows/ci.yml allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses pull request target trigger combined with checkout of untrusted ...

9.3CVSS7.8AI score0.00546EPSS

Exploits1References6

Packet Storm News•added 2025/12/31 12:0 a.m.•3 views

Understanding Security Risks of AI Agents' Dependency Updates

Package dependencies are a critical control point in modern software supply chains. Dependency changes can substantially alter a project's security posture. As AI coding agents increasingly modify software via pull requests, it is unclear whether their dependency decisions introduce distinct...

6.9AI score

Exploits0

RedhatCVE•added 2025/12/04 8:12 p.m.•3 views

CVE-2025-66219

willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...

9.8CVSS7.3AI score0.02371EPSS

Exploits1References1

EUVD•added 2025/11/29 1:34 a.m.•2 views

EUVD-2025-199887

6.9CVSS6.8AI score0.02371EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-15148

Malware in sbrugna...

7.8CVSS7.4AI score0.02253EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2016-4167

Malware in sbrugna...

6.5CVSS7AI score0.00852EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-0958