9 matches found
CVE-2026-15783
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...
CVE-2026-15783
CVE-2026-15783 (GitHub Enterprise Server) describes a missing authorization flaw where an authenticated user with write access to any repository could read metadata from private repositories they should not access. The attack path involves a delegated bypass endpoint that resolves a rule suite fr...
EUVD-2026-45191
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...
PT-2026-60783
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...
VulnCheck KEV: CVE-2024-9644
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...
F5 BIG-IP APM 安全漏洞
F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. A source validation error vulnerability exists in the F5 BIG-IP APM Browser Web Access VPN Client, which can be exploited by an attacker to...
Hackers Can Exploit Windows Container Isolation Framework to Bypass Endpoint Security
New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework. The findings were presented by Deep Instinct security researcher Daniel Avinoam at the DEF CON...
PT-2022-16041 · Cube-Js · Cube-Js
Name of the Vulnerable Software and Affected Versions: cube-js version 0.31.23 Description: The issue concerns a headless business intelligence platform where all authenticated clients could bypass SQL row-level security and run arbitrary SQL via the /v1/sql-runner endpoint. This was resolved in...
Trend Micro Worry-Free Business Security Directory Traversal Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Worry-Free Business Security. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the TempFileName parameter provided to the...