Lucene search
K

5 matches found

CVE
CVE
added 2026/06/30 3:57 p.m.22 views

CVE-2026-58370

Woodpecker

9.2CVSS6AI score0.00546EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 3:57 p.m.38 views

CVE-2026-58370 Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name

Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is populated from the git commit author name commit.author.name carried in the webhook payload, which is attacker-controlled and not verified by GitLab. A us...

9.2CVSS0.00546EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.13 views

PT-2026-6930

Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.19 Description WeKan contains an insecure direct object reference IDOR in the card comment creation API. The API endpoint accepts an authorId from the request body, which allows an authenticated user to spoof the...

5.3CVSS5.4AI score0.00246EPSS
Exploits0References7
EUVD
EUVD
added 2025/11/29 12:38 a.m.5 views

EUVD-2025-199884

PubNet is a self-hosted Dart & Flutter package service. Prior to version 1.1.3, the /api/storage/upload endpoint in PubNet allows unauthenticated users to upload packages as any user by providing arbitrary author-id values. This enables identity spoofing, privilege escalation, and supply chain...

9.4CVSS6.8AI score0.00453EPSS
Exploits1References1
OSV
OSV
added 2015/04/08 12:0 a.m.4 views

UBUNTU-CVE-2015-0251

The moddavsvn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences...

4CVSS7.3AI score0.07558EPSS
Exploits0References4
Rows per page
Query Builder