Exploit for Command Injection in Github Enterprise_Server

CVE-2026-3854 — GitHub Enterprise Server RCE via Push Option I...

Exploit for Command Injection in Github Enterprise_Server

CVE-2026-3854 PoC — GitHub RCE via X-Stat Push Option Injectio...

CVE-2026-3854

creationtimestamp| type| source ---|---|--- 2026-03-20 10:34:07+00:00| seen| https://bsky.app/profile/secqube.com/post/3mhicwrgk6i2t 2026-04-28 13:30:00+00:00| seen| https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/ 2026-04-2...

MiracleLinux 8 : thunderbird-115.10.0-2.el8_9.ML.1 (AXSA:2024-7726:10)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7726:10 advisory. Mozilla: Denial of Service using HTTP/2 CONTINUATION frames CVE-2024-3302 Tenable has extracted the preceding description block directly from the...

TencentOS Server 4: firefox (TSSA-2024:0153)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0153 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 3: thunderbird (TSSA-2024:0142)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0142 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2005-3854

Cross-site scripting XSS vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter...

CVE-2025-3854

creationtimestamp| type| source ---|---|--- 2025-04-21 14:27:09+00:00| seen| https://infosec.exchange/users/vuldb/statuses/114376417527828395 2025-04-22 01:02:24+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12775 2025-04-22 03:04:30+00:00| seen|...

Azure Linux 3.0 Security Update: ceph (CVE-2022-3854)

The version of ceph installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3854 advisory. - A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL...

openSUSE: Security Advisory for the Linux Kernel (Live Patch 44 for SLE 15 SP3) (SUSE-SU-2024:3854-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CBL Mariner 2.0 Security Update: ceph (CVE-2022-3854)

The version of ceph installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3854 advisory. - A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL...

CVE-2022-3854 affecting package ceph for versions less than 16.2.10-3

CVE-2022-3854 affecting package ceph for versions less than 16.2.10-3. A patched version of the package is available...

RLSA-2024:1908 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.10.0 ESR. Security Fixes: GetBoundName in the JIT returned the wrong object CVE-2024-3852 Out-of-bounds-read after mis-optimized switch...

SUSE: Security Advisory (SUSE-SU-2024:1319-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2024:1350-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RLSA-2024:1912 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.10.0 ESR. Security Fixes: GetBoundName in the JIT returned the wrong object CVE-2024-3852 Out-of-bounds-read after mis-optimized switch...

Important: firefox

Issue Overview: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. This vulnerability affects Firefox 124.0.1 and Firefox ESR 115.9.1. CVE-2024-29944 There was no limit to the number of HTTP/2 CONTINUATIO...

Amazon Linux 2 : firefox (ALASFIREFOX-2024-024)

The version of firefox installed on the remote host is prior to 115.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-024 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript...

Mageia: Security Advisory (MGASA-2024-0153)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated thunderbird packages fix security vulnerabilities

CVE-2024-3852: GetBoundName in the JIT returned the wrong object CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection CVE-2024-2609: Permission prompt input delay could expire when not ...