Lucene search
+L

191 matches found

OSV
OSV
added 2026/04/11 2:5 p.m.6 views

OESA-2026-1881 busybox security update

BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: BusyBox...

6.5CVSS5.8AI score0.00285EPSS
Exploits1References2
OSV
OSV
added 2026/04/11 2:5 p.m.5 views

OESA-2026-1880 busybox security update

BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: BusyBox...

6.5CVSS7.1AI score0.00285EPSS
Exploits1References2
OSV
OSV
added 2026/04/11 2:5 p.m.7 views

OESA-2026-1879 busybox security update

BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: BusyBox...

6.5CVSS5.8AI score0.00285EPSS
Exploits1References2
Wiz blog
Wiz blog
added 2026/04/04 9:36 a.m.4 views

Six Accounts, One Actor: Inside the prt-scan Supply Chain Campaign

After hackerbot-claw, another AI-powered campaign exploiting pullrequesttarget confirms the threat is here to stay. We trace the attacker back to three weeks before anyone noticed...

5.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/01 7:20 p.m.6 views

Securing the open source supply chain across GitHub

Over the past year, a new pattern has emerged in attacks on the open source supply chain. Attackers are focusing on exfiltrating secrets like API keys in order to both publish malicious packages from an attacker-controlled machine as well as gain access to more projects in order to propagate the...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.7 views

CVE-2026-33075

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...

9.4CVSS6.4AI score0.00297EPSS
Exploits1References1
Hacker One
Hacker One
added 2026/03/21 4:20 a.m.24 views

DuckDuckGo: RCE + PAT Exfiltration via pull_request_target in privacy-configuration/auto-respond-pr.yml — Direct Supply Chain to All DDG Browsers

A vulnerability was discovered in the "auto-respond-pr.yml" GitHub Actions workflow of the "privacy-configuration" repository. The workflow used the "pullrequesttarget" trigger, which checked out the fork's repository as both the "base" and "PR" branches. This allowed an attacker to control the...

6.2AI score
Exploits0
Hacker One
Hacker One
added 2026/03/21 4:20 a.m.22 views

DuckDuckGo: RCE + Supply Chain Attack via pull_request_target in content-scope-scripts/semver-label.yml — Affects All DuckDuckGo Browsers

A vulnerability was discovered in the DuckDuckGo content-scope-scripts repository's GitHub Actions workflow. The workflow used the pullrequesttarget trigger without access controls, allowing untrusted code from fork pull requests to be checked out and executed. This could have led to remote code...

6.3AI score
Exploits0
NVD
NVD
added 2026/03/20 9:16 a.m.14 views

CVE-2026-33075

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...

9.4CVSS0.00297EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:37 a.m.4 views

CVE-2026-33075

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...

9.4CVSS6.4AI score0.00297EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 8:37 a.m.9 views

CVE-2026-33075 FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...

9.4CVSS6.4AI score0.00297EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/20 8:37 a.m.8 views

EUVD-2026-13645

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...

9.4CVSS6.4AI score0.00297EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/20 8:37 a.m.28 views

CVE-2026-33075 FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...

9.4CVSS0.00297EPSS
Exploits1References1
OSV
OSV
added 2026/03/20 8:37 a.m.11 views

CVE-2026-33075 FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...

9.4CVSS6.4AI score0.00297EPSS
Exploits1References3
CVE
CVE
added 2026/03/20 8:37 a.m.32 views

CVE-2026-33075

FastGPT (AI Agent platform) has a documented vulnerability in versions 4.14.8.3 and earlier affecting the fastgpt-preview-image.yml workflow. The issue arises from using pull_request_target, which can access repository secrets, while checking out code from the PR author’s fork and building/pushin...

9.4CVSS6.4AI score0.00297EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.12 views

PT-2026-26590

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pull request target which runs with access to repository secrets but checks out...

9.4CVSS6.4AI score0.00297EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.9 views

CVE-2026-27941

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS5.5AI score0.00395EPSS
Exploits1References1
NVD
NVD
added 2026/02/26 2:16 a.m.13 views

CVE-2026-27941

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS0.00395EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/26 1:17 a.m.25 views

CVE-2026-27941 OpenLIT Vulnerable to Remote Code Execution and Secret Exposure via Misuse of `pull_request_target` in GitHub Actions Workflows

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS0.00395EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/26 1:17 a.m.7 views

CVE-2026-27941

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS5.6AI score0.00395EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder