CVE-2026-24042 Appsmith public apps can execute unpublished actions (viewMode confusion)
Appsmith is a platform to build admin panels, internal tools, and dashboards. In versions 1.94 and below, publicly accessible apps allow unauthenticated users to execute unpublished edit-mode actions by sending viewMode=false (or omitting the parameter) to POST /api/v1/actions/execute. This bypasses the...
A vulnerability in GitHub Enterprise Server, related to incorrect authorization, allows an attacker to create new branches in public repositories and execute arbitrary GitHub Actions processes with the permissions of GITHUB_TOKEN.
A vulnerability in GitHub Enterprise Server related to improper authentication. Exploiting this vulnerability allows a malicious actor to create new branches in public repositories and execute arbitrary GitHub Actions processes with the permissions of GITHUB_TOKEN...
PT-2024-4030 · GitHub · GitHub Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.8 through 3.11.4; GitHub Enterprise Server versions prior to 3.9.10; GitHub Enterprise Server versions prior to 3.10.7; GitHub Enterprise Server versions prior to 3.11.5. Description: The issue is related to an...
PT-2021-16571 · Samsung · Bixby
Name of the Vulnerable Software and Affected Versions: Bixby versions prior to 3.0.53.02. Description: The issue arises from improper handling of exceptional conditions, allowing an attacker to execute actions registered by the user. Recommendations: For versions prior to 3.0.53.02, update to...