5 matches found
CVE-2026-1699
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...
EUVD-2026-5040
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...
EUVD-2024-27672
Malicious code in bioql PyPI...
CVE-2024-2727 Stored Cross-Site Scripting (Stored-XSS) vulnerability in the CIGESv2 system
HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message...
CVE-2024-2727 Stored Cross-Site Scripting (Stored-XSS) vulnerability in the CIGESv2 system
HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message...