Lucene search
K

10 matches found

The Hacker News
The Hacker News
added 2026/06/12 12:4 p.m.26 views

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code

Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence AI coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted usi...

6.6AI score
Exploits0
CVE
CVE
added 2026/05/27 2:43 p.m.19 views

CVE-2026-44971

CVE-2026-44971 affects GuardDog (CLI tool to identify malicious PyPI packages). From version 1.0.0 through 2.9.0, GuardDog’s remote project scanning path rewrites attacker-controlled repository URLs via a blind string replacement and then sends the caller’s GitHub credentials with the resulting r...

8.2CVSS5.8AI score0.00198EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:43 p.m.10 views

CVE-2026-44971

GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...

8.2CVSS5.8AI score0.00198EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2025/12/30 12:23 a.m.26 views

SUSE CVE-2025-68937

Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...

9.5CVSS7.1AI score0.00489EPSS
Exploits0References3
CVE
CVE
added 2025/10/01 8:49 p.m.26 views

CVE-2025-59531

CVE-2025-59531 affects Argo CD versions 1.2.0–1.8.7, 2.0.0-rc1–2.14.19, and 3.0.0-rc1–3.2.0-rc1, plus 3.1.7 and 3.0.18. The issue arises when the webhook Bitbucket Server payload is malformed and webhook.bitbucketserver.secret is not configured, causing the /api/webhook endpoint to crash and pote...

7.5CVSS6.3AI score0.00549EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2025/09/30 6:11 p.m.1 views

Improper Check or Handling of Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions in the /api/webhook endpoint. An attacker can cause the server to crash and disrupt service availability by sending a Bitbucket Server Push event with JSON field repository.links.clon...

8.7CVSS6.9AI score0.00549EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/30 6:11 p.m.1 views

Improper Check or Handling of Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions in the /api/webhook endpoint. An attacker can cause the server to crash and disrupt service availability by sending a Bitbucket Server Push event with JSON field repository.links.clon...

8.7CVSS6.9AI score0.00549EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/30 6:11 p.m.1 views

Improper Check or Handling of Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions in the /api/webhook endpoint. An attacker can cause the server to crash and disrupt service availability by sending a Bitbucket Server Push event with JSON field repository.links.clon...

8.7CVSS6.9AI score0.00549EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.3 views

PT-2025-40055

Name of the Vulnerable Software and Affected Versions Argo CD versions 1.2.0 through 1.8.7 Argo CD versions 2.0.0-rc1 through 2.14.19 Argo CD versions 3.0.0-rc1 through 3.2.0-rc1 Argo CD version 3.1.7 Argo CD version 3.0.18 Description Argo CD is susceptible to denial of service through malicious...

9.9CVSS6.6AI score0.02829EPSS
Exploits11References52
Snyk
Snyk
added 2025/05/28 2:30 p.m.1 views

Cross-site Scripting (XSS)

Overview github.com/argoproj/argo-cd/v2/ui is a declarative, GitOps continuous delivery tool for Kubernetes. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper filtering of repository URLs in the UI. An attacker can execute unauthorized API actions via th...

9CVSS5.4AI score0.00411EPSS
Exploits0References2
Rows per page
Query Builder