Lucene search
K

971357 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago12 views

Malicious code in @luminarycloudinternal/lcvis-st (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8dffb72c9f767cbd071bf482fce9acb1ff2283a4800b7862739348b7a89e24 Package @luminarycloudinternal/[email protected] is published to the public npm registry under an internal-looking scope with an artificially high...

5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55983

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

7.2CVSS6.2AI score0.00259EPSS
Exploits0References7
NVD
NVD
added 2026/07/01 9:16 p.m.7 views

CVE-2026-14340

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

5.3CVSS0.00215EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/01 9:3 p.m.8 views

EUVD-2026-41145

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

5.3CVSS5.8AI score0.00215EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/01 9:3 p.m.34 views

CVE-2026-14340 An incorrect authorization vulnerability in GitHub Enterprise Server allows issue creation in unrelated public repositories

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

5.3CVSS0.00215EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:3 p.m.5 views

CVE-2026-14340

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

5.3CVSS5.8AI score0.00215EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/07/01 9:3 p.m.15 views

CVE-2026-14340

GitHub Enterprise Server (GitHub ES) suffers an incorrect authorization vulnerability (CVE-2026-14340) where a user-to-server token scoped to a GitHub App installation could perform write operations on public repositories outside the token’s scope. The root cause is an authorization check that on...

5.3CVSS5.8AI score0.00215EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/07/01 12:33 a.m.6 views

EUVD-2026-40424

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 10:16 p.m.8 views

CVE-2026-10585

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category. The...

6.3CVSS0.00184EPSS
Exploits0References5
CVE
CVE
added 2026/06/30 9:39 p.m.29 views

CVE-2026-10585

CVE-2026-10585 describes a stored XSS in GitHub Enterprise Server where an authenticated attacker could execute JavaScript in another user’s browser by injecting a crafted payload into a Discussion title in the Q&A category. The vulnerability stems from the AnsweredQuestionStructuredDataComponent...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/30 9:39 p.m.31 views

CVE-2026-10585 Stored cross-site scripting vulnerability in GitHub Enterprise Server allowed arbitrary JavaScript execution via crafted Discussion titles in the Q&A category

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category. The...

6.3CVSS0.00184EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 9:16 p.m.7 views

CVE-2026-9106

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

5.5CVSS0.00176EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/30 8:21 p.m.8 views

EUVD-2026-40407

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

4.8CVSS5.8AI score0.00176EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/30 8:21 p.m.36 views

CVE-2026-9106 UI misrepresentation vulnerability in GitHub Enterprise Server allowed unauthorized organization runner management via undisclosed OAuth scope on consent screen

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

4.8CVSS0.00176EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/30 8:21 p.m.6 views

CVE-2026-9106

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

4.8CVSS5.8AI score0.00176EPSS
Exploits0References7Affected Software1
Wordfence Blog
Wordfence Blog
added 2026/06/18 4:42 p.m.8 views

Critical Unauthenticated Arbitrary File Deletion Vulnerability Patched in Avada Builder WordPress Plugin

On May 13th, 2026, we received a submission for a critical Unauthenticated Arbitrary File Deletion vulnerability in Avada Builder, a premium WordPress plugin with an estimated 1,000,000 active installations. This vulnerability makes it possible for unauthenticated attackers to delete arbitrary...

9.1CVSS6.6AI score0.01193EPSS
Exploits1
GithubExploit
GithubExploit
added 2026/06/14 8:58 a.m.86 views

TechMyst-Toolkit

TechMyst-Toolkit "An automated Bug...

5.3AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/12 3:47 a.m.77 views

ethical-hacking-security-labs

Ethical Hacking & Network Security Lab Portfolio A hands-on...

10CVSS8AI score0.96184EPSS
Exploits33
GithubExploit
GithubExploit
added 2026/06/11 11:8 a.m.125 views

Bug-Bounty-Practice-lab

Syntex Solutions — Vulnerable Lab ⚠️ WARNING — FOR AUTHOR...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/11 5:5 a.m.11 views

MAL-2026-5582 Malicious code in wp-env (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec2e092036cea9a9b2563e18b3d588ab046800c2160fb820081423b909066759 Package squats the wp-env CLI name commonly invoked as npx wp-env by users intending @wordpress/env. The package ships only bin/run.js declared main:...

5.6AI score
Exploits0References1
Rows per page
Query Builder