Recently added

yutu: Arbitrary File Write via MCP `caption-download` Tool

The caption-download MCP tool in yutu passes the caller-supplied file parameter directly to os.Create() at pkg/caption/caption.go:272 without any path validation, canonicalization, or confinement to the pkg.Root boundary (YUTU_ROOT). A local attacker — or any process able to reach the HTTP MCP server — can write arbitrary content to any path writable by the yutu process, entirely outside the intended working directory. This is a High severity vulnerability (CVSS 7.7) with …

Woodpecker: Privilege escalation via unrestricted serviceAccountName in the Kubernetes backend

A privilege escalation vulnerability affects Woodpecker instances using the Kubernetes backend. The pipeline option backend_options.kubernetes.serviceAccountName was passed directly to the pod spec without any admin gating. Who is impacted: any operator running the Kubernetes backend. Any user with Push permission on a connected repository can run pipeline pods under an arbitrary ServiceAccount in the pipeline namespace, gaining that account's RBAC permissions. If a privileged ServiceAccount is reachable in that namespace, …

Woodpecker: Privilege escalation via unrestricted serviceAccountName in the Kubernetes backend

A privilege escalation vulnerability affects Woodpecker instances using the Kubernetes backend. The pipeline option backend_options.kubernetes.serviceAccountName was passed directly to the pod spec without any admin gating. Who is impacted: any operator running the Kubernetes backend. Any user with Push permission on a connected repository can run pipeline pods under an arbitrary ServiceAccount in the pipeline namespace, gaining that account's RBAC permissions. If a privileged ServiceAccount is reachable in that namespace, …

Woodpecker: Privilege escalation via unrestricted serviceAccountName in the Kubernetes backend

A privilege escalation vulnerability affects Woodpecker instances using the Kubernetes backend. The pipeline option backend_options.kubernetes.serviceAccountName was passed directly to the pod spec without any admin gating. Who is impacted: any operator running the Kubernetes backend. Any user with Push permission on a connected repository can run pipeline pods under an arbitrary ServiceAccount in the pipeline namespace, gaining that account's RBAC permissions. If a privileged ServiceAccount is reachable in that namespace, …

Wasmtime: Memory leak in C API with `externref` and `anyref` types

Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the anyref or externref WebAssembly values. This is caused by a regression introduced during the development of 37.0.0 and all prior versions of Wasmtime are unaffected. If anyref or externref is not used in the C/C++ API then embeddings are also unaffected by the leaky behavior. The wasmtime Rust crate is unaffected by this leak. …

Wasmtime: Memory leak in C API with `externref` and `anyref` types

Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the anyref or externref WebAssembly values. This is caused by a regression introduced during the development of 37.0.0 and all prior versions of Wasmtime are unaffected. If anyref or externref is not used in the C/C++ API then embeddings are also unaffected by the leaky behavior. The wasmtime Rust crate is unaffected by this leak. …

Umbraco.AI discloses sensitive application configuration values

Under certain configurations, a user with elevated privileges may be able to cause sensitive application configuration values, potentially including secret material such as credentials, to be disclosed. Successful exploitation could expose confidential information and, depending on what the affected installation stores in configuration, enable further compromise. Exploitation requires access to the AI section of the backoffice and a specific custom AI provider, which limits real-world exposure.

Recently updated

Two LiteLLM versions published containing credential harvesting malware

After an API Token exposure from an exploited trivy dependency, two new releases of litellm were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Anyone who has installed and run the project should assume any credentials available to litellm environment may have been exposed, and revoke/rotate thema ccordingly.