Lucene search

8 matches found

CNNVD
added 2026/04/21 12:0 a.m., 3 views

Oracle Workflow Security Vulnerability

Oracle Workflow is a business process automation engine developed by Oracle, a US-based company. Versions 12.2.3 to 12.2.15 of Oracle Workflow contain security vulnerabilities. These vulnerabilities stem from issues with the Workflow Loader component. Vulnerable attackers could exploit these...

CVSS 5.5, AI score 7.2, EPSS 0.00043
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/20 8:37 a.m., 1 view

CVE-2026-33075

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pull_request_target which runs with access to repository secrets but checks out cod...

CVSS 9.4, AI score 6.4, EPSS 0.00019
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2026/01/27 1:16 a.m., 0 views

UBUNTU-CVE-2026-24480

QGIS is a free, open source, cross platform geographical information system (GIS). The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...

CVSS 8.7, AI score 6.4, EPSS 0.00541
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-32806

Malicious code in bioql PyPI...

CVSS 7.1, AI score 7, EPSS 0.00391
Exploits: 1, References: 1
OSV
added 2025/08/27 11:12 p.m., 1 view

MAL-2025-41442 Malicious code in @nx/workspace (npm)

Source: google-open-source-security (de4f725d7676817771f8e239509ac7b8d148e2c69e16a7c8129d87e88f992988). The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NP...

CVSS 9.6, AI score 7.6, EPSS 0.0031
Exploits: 0, References: 2
OSSF Malicious Packages
added 2025/08/27 11:12 p.m., 3 views

Malicious code in nx (npm)

Source: google-open-source-security (94e241aa8202f641d66991ca134d9c18bf1fecbf8e89c2f2052aa2a7a41e5148). The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NP...

AI score 7.5
Exploits: 0, References: 2
OSV
added 2025/08/27 4:42 p.m., 35 views

GHSA-CXM3-WV7P-598C Malicious versions of Nx were published

Summary: Malicious versions of the nx package, as well as some supporting plugin packages, were published to npm, containing code that scans the file system, collects credentials, and posts them to GitHub as a repo under users' accounts. Immediate Actions Required: For all users, check if you were...

CVSS 9.6, AI score 7.8, EPSS 0.0031
Exploits: 0, References: 13
Vulnrichment
added 2025/08/05 11:31 p.m., 2 views

CVE-2025-54594 react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the .github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pull_request_target event trigger, which allowed for untrusted code from a forked pull request to...

CVSS 9.1, AI score 6.6, EPSS 0.0035
Exploits: 0, References: 3