Lucene search
K

14 matches found

OSV
OSV
added 2026/06/25 6:43 p.m.5 views

GO-2026-5338 containerd: CRI checkpoint import allows local image tag poisoning in github.com/containerd/containerd

containerd: CRI checkpoint import allows local image tag poisoning in github.com/containerd/containerd...

9.9CVSS5.8AI score0.00354EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.16 views

containerd: CRI checkpoint import allows local image tag poisoning

Impact containerd's CRI checkpoint import process contains a vulnerability where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious...

9.9CVSS6.3AI score0.00354EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 7:35 p.m.6 views

GHSA-CVXM-645Q-P574 containerd: CRI checkpoint import allows local image tag poisoning

Impact containerd's CRI checkpoint import process contains a vulnerability where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious...

5.6CVSS6.3AI score0.00354EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.7 views

CVE-2026-31976

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

9.8CVSS6.2AI score0.00496EPSS
Exploits0References1
OSV
OSV
added 2026/03/11 10:18 p.m.6 views

GHSA-F8Q5-H5QH-33MH xygeni-action v5 tag poisoned with C2 backdoor

Description On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main branch. However, the attacker used the...

9.3CVSS6AI score0.00496EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/11 10:18 p.m.9 views

EUVD-2026-11331

xygeni-action v5 tag poisoned with C2 backdoor...

9.3CVSS5.8AI score0.00496EPSS
Exploits0References3
NVD
NVD
added 2026/03/11 8:16 p.m.6 views

CVE-2026-31976

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

9.8CVSS0.00496EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/11 7:44 p.m.2 views

CVE-2026-31976 xygeni-action v5 tag poisoned with C2 backdoor

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

9.3CVSS6AI score0.00496EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/11 7:44 p.m.31 views

CVE-2026-31976 xygeni-action v5 tag poisoned with C2 backdoor

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

9.3CVSS0.00496EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 7:44 p.m.4 views

CVE-2026-31976

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

9.3CVSS6AI score0.00496EPSS
Exploits0References3
OSV
OSV
added 2026/03/11 7:44 p.m.6 views

CVE-2026-31976 xygeni-action v5 tag poisoned with C2 backdoor

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

9.3CVSS6.2AI score0.00496EPSS
Exploits0References4
CVE
CVE
added 2026/03/11 7:44 p.m.16 views

CVE-2026-31976

xygeni-action, the GitHub Action for Xygeni Scanner, was abused via tag poisoning: compromised credentials moved the v5 tag to a malicious commit in a PR window (Mar 3–10, 2026). Workflows referencing xygeni-action@v5 could execute a C2 implant on CI runners for up to 180 seconds. The issue stems...

9.8CVSS6AI score0.00496EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.8 views

xygeni-action 安全漏洞

Oxyni-action is a GitHub code security scanning workflow plugin developed by Xygeni. Oxyni-action has a security vulnerability that stems from tag poisoning, which can lead to supply chain attacks, allowing attackers to execute arbitrary commands on the CI runner...

9.8CVSS6.2AI score0.00496EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.8 views

PT-2026-24808

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

9.3CVSS6AI score0.00496EPSS
Exploits0References6
Rows per page
Query Builder