6 matches found

Github Security Blog
added 2026/03/16 8:47 p.m., 8 views

Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration

Summary Kargo's built-in http and http-download promotion steps execute outbound HTTP requests from the Kargo controller. By design, these steps do not restrict destination addresses, as there are legitimate use cases for requests to internal and private endpoints. However, this also permits...

CVSS 5.1, AI score 6, EPSS 0.00328
Exploits: 0, References: 4, Affected Software: 1
Positive Technologies
added 2026/03/16 12:00 a.m., 3 views

PT-2026-26462

Name of the Vulnerable Software and Affected Versions: Kargo versions 1.4.0 through 1.6.3; Kargo versions 1.7.0-rc.1 through 1.7.8; Kargo versions 1.8.0-rc.1 through 1.8.11; Kargo versions 1.9.0-rc.1 through 1.9.4. Description: Kargo's built-in http and http-download promotion steps allow Server-Side...

CVSS 5.1, AI score 5.9, EPSS 0.00328
Exploits: 0, References: 7
EUVD
added 2025/11/12 4:29 a.m., 2 views

EUVD-2025-114330

Malicious code in dotenv-safe-transport-corvus-hydra npm...

AI score 6.6
Exploits: 0
EUVD
added 2025/11/12 4:29 a.m., 1 view

EUVD-2025-114331

Malicious code in dotenv-safe-transport-aether-miranda npm...

AI score 6.6
Exploits: 0
OSSF Malicious Packages
added 2025/11/12 4:29 a.m., 2 views

Malicious code in dotenv-safe-transport-corvus-hydra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d833eb99411857bbedad036c317ede897b63d5919e73e692817feacf64b3549 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0
OSV
added 2025/11/12 4:29 a.m., 2 views

MAL-2025-141779 Malicious code in dotenv-safe-transport-corvus-hydra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d833eb99411857bbedad036c317ede897b63d5919e73e692817feacf64b3549 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0