Lucene search
K

13 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 9:41 p.m.11 views

CVE-2021-47987

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...

7.7CVSS5.9AI score0.0012EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.22 views

PT-2026-45483

Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...

2.1CVSS5.7AI score0.00018EPSS
Exploits0References9
EUVD
EUVD
added 2026/04/14 3:10 a.m.4 views

EUVD-2026-22214

PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...

9.1CVSS5.8AI score0.00305EPSS
Exploits0References3
OSV
OSV
added 2026/01/21 8:41 a.m.5 views

BIT-GRADLE-2026-22816 Gradle fails to disable repositories which can expose builds to malicious artifacts

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

8.6CVSS5.6AI score0.00149EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 4:25 a.m.3 views

Malicious code in wide_raccoon_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01f6bd6801d61369281bdfee656f3a248745bc924f3a17d40978ea7f2fd5a4bc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2014-9743

Malware in sbrugna...

8.8CVSS8.6AI score0.0232EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-32004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in su...

8.1CVSS7.5AI score0.01271EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/07/21 7:19 p.m.12 views

RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs

Summary Log output includes authentication token that provides full account access Details The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...

6.8AI score
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/04 9:34 p.m.26 views

CVE-2025-31479

canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUBTOKEN. If the full token is included in the excepti...

8.2CVSS6.8AI score0.00589EPSS
Exploits0References1
Circl
Circl
added 2025/02/25 7:44 p.m.3 views

GHSA-W32M-9786-JP63

creationtimestamp| type| source ---|---|--- 2025-02-25 19:44:55+00:00| seen| https://gist.github.com/ruokun-niu/25de36e2d9507c94536ff4058d807551...

7.2AI score
Exploits0References1
OSV
OSV
added 2024/03/13 12:31 p.m.2 views

GHSA-7G97-7R3C-5CC6 In Quarkus, git credentials could be inadvertently published

A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk...

3.5CVSS5.8AI score0.00595EPSS
Exploits0References8
OSV
OSV
added 2024/03/13 10:15 a.m.3 views

CVE-2024-1979

A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk...

3.5CVSS5.7AI score0.00595EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/03/05 9:30 p.m.15 views

CVE-2024-1979

A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk. Mitigation Ensure that at least one of the preconditions is not present in your environment...

3.5CVSS3.9AI score0.00595EPSS
Exploits0References4
Rows per page
Query Builder