Lucene search
+L

90 matches found

thn
thn
added 2026/07/09 6:38 p.m.18 views

Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. "Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging...

6AI score
Exploits0
nvd
nvd
added 2026/06/18 2:17 p.m.12 views

CVE-2026-50141

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

7.1CVSS0.00246EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/06/18 2:13 p.m.8 views

CVE-2026-50141

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

7.1CVSS5.4AI score0.00246EPSS
Exploits0References6Affected Software1
osv
osv
added 2026/06/18 2:13 p.m.5 views

CVE-2026-50141 Woodpecker gRPC agent_id metadata can be spoofed- cross-tenant agent impersonation

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

7.1CVSS6AI score0.00246EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.19 views

PT-2026-50677

Name of the Vulnerable Software and Affected Versions Woodpecker versions 3.0.0 through 3.14.0 Description A flaw in the gRPC layer of the CI/CD engine allows an authenticated agent to impersonate any other agent on the same server. This occurs because the server verifies the JWT JSON Web Token b...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References10
snyk
snyk
added 2026/04/14 10:31 p.m.11 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the isHealthCheckRequest function in pkg/middleware/healthcheck.go. An attacker can reach protected endpoints by sending a request with a configured health-check User-Agent, causing the middleware to treat the...

9.3CVSS5.7AI score0.00475EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/04/07 11:1 p.m.5 views

CVE-2026-35449

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagnostic script has its CLI-only access guard disabled by commenting out the die statement. The script remains accessible via HTTP after installation, exposing video viewer statistics including IP...

5.3CVSS5.9AI score0.00332EPSS
Exploits1References1
nvd
nvd
added 2026/04/06 10:16 p.m.7 views

CVE-2026-35449

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagnostic script has its CLI-only access guard disabled by commenting out the die statement. The script remains accessible via HTTP after installation, exposing video viewer statistics including IP...

5.3CVSS0.00332EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/04/06 9:46 p.m.3 views

CVE-2026-35449

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagnostic script has its CLI-only access guard disabled by commenting out the die statement. The script remains accessible via HTTP after installation, exposing video viewer statistics including IP...

5.3CVSS5.9AI score0.00332EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2026/04/06 9:46 p.m.23 views

CVE-2026-35449 WWBN AVideo has Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagnostic script has its CLI-only access guard disabled by commenting out the die statement. The script remains accessible via HTTP after installation, exposing video viewer statistics including IP...

5.3CVSS0.00332EPSS
Exploits1References1
snyk
snyk
added 2026/04/04 6:16 a.m.1 views

Information Exposure

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Information Exposure via the install/test.php script when the command-line interface guard is disabled. An attacker can access sensitive information such as viewer...

6.9CVSS5.8AI score0.00332EPSS
Exploits1References2
github
github
added 2026/04/04 6:16 a.m.8 views

AVideo: Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php

Summary The install/test.php diagnostic script has its CLI-only access guard disabled by commenting out the die statement. The script remains accessible via HTTP after installation, exposing video viewer statistics including IP addresses, session IDs, and user agents to unauthenticated visitors...

5.3CVSS5.9AI score0.00332EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/04/04 6:16 a.m.3 views

GHSA-HG8Q-8WQR-35XX AVideo: Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php

Summary The install/test.php diagnostic script has its CLI-only access guard disabled by commenting out the die statement. The script remains accessible via HTTP after installation, exposing video viewer statistics including IP addresses, session IDs, and user agents to unauthenticated visitors...

5.3CVSS5.9AI score0.00332EPSS
Exploits1References3
github
github
added 2026/04/01 9:5 p.m.10 views

AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints

Summary The AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php template was shipped without this guard. Every plugin that uses th...

7.5CVSS6AI score0.00376EPSS
Exploits1References4Affected Software1
euvd
euvd
added 2026/04/01 9:5 p.m.10 views

EUVD-2026-17650

AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints...

7.5CVSS5.8AI score0.00376EPSS
Exploits1References3
nvd
nvd
added 2026/03/31 9:16 p.m.5 views

CVE-2026-34732

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...

7.5CVSS0.00376EPSS
Exploits1References1
cve
cve
added 2026/03/31 8:51 p.m.14 views

CVE-2026-34732

CVE-2026-34732 concerns WWBN AVideo. Red Hat, OSV, CVE listings confirm that versions up to 26.0 contain a missing authentication/authorization check in the CreatePlugin template’s list.json.php, unlike add.json.php and delete.json.php which require admin rights. This omission creates 21 unauthen...

7.5CVSS5.9AI score0.00376EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2026/03/31 12:0 a.m.6 views

PT-2026-29362

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...

7.5CVSS5.9AI score0.00376EPSS
Exploits1References3
githubexploit
githubexploit
added 2026/01/05 7:6 p.m.168 views

payload-labkit

payload-labkit Salam, praktisi keamanan! Berikut tiga daftar...

7.8AI score
Exploits0
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-30937

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.03288EPSS
Exploits1References3
Rows per page
Query Builder