Lucene search

6573 matches found

RedhatCVE
added 2026/01/09 8:41 a.m., 14 views

CVE-2022-0242

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0...

CVSS 7.2 | AI score 6.7 | EPSS 0.01413
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:41 a.m., 7 views

CVE-2022-0970

Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31...

CVSS 7.1 | AI score 5.8 | EPSS 0.01771
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:41 a.m., 8 views

CVE-2022-0965

Stored XSS via .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4...

CVSS 9 | AI score 5.8 | EPSS 0.00888
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:41 a.m., 9 views

CVE-2022-0736

Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1...

CVSS 8.2 | AI score 6.6 | EPSS 0.01551
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:41 a.m., 8 views

CVE-2022-0956

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4...

CVSS 7.1 | AI score 5.5 | EPSS 0.00725
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:41 a.m., 8 views

CVE-2022-0938

Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4...

CVSS 7.1 | AI score 5.5 | EPSS 0.00631
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:41 a.m., 9 views

CVE-2022-0941

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4...

CVSS 7.3 | AI score 5.7 | EPSS 0.0061
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:41 a.m., 8 views

CVE-2022-0921

Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12...

CVSS 7.2 | AI score 7.3 | EPSS 0.0207
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:41 a.m., 8 views

CVE-2022-0482

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3...

CVSS 9.1 | AI score 6.6 | EPSS 0.38133
Exploits: 7 | References: 1

RedhatCVE
added 2026/01/09 8:41 a.m., 12 views

CVE-2022-0877

Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3...

CVSS 7.6 | AI score 5.8 | EPSS 0.0077
Exploits: 1 | References: 1

Snyk
added 2025/12/29 8:41 a.m., 2 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-hulud supply chain attacks. The malware functions as a self-replicating worm that spreads via npm dependencies to compromise developer environments;...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

OSV
added 2025/12/22 6:15 p.m., 3 views

GO-2025-4243 Libredesk has Improper Neutralization of HTML Tags in a Web Page in github.com/abhinavxd/libredesk

Libredesk has Improper Neutralization of HTML Tags in a Web Page in github.com/abhinavxd/libredesk...

CVSS 8.6 | AI score 6.5 | EPSS 0.00193
Exploits: 1 | References: 1

OSV
added 2025/12/22 6:15 p.m., 4 views

GO-2025-4250 Amazon S3 Encryption Client has a Key Commitment Issue in github.com/aws/amazon-s3-encryption-client-go

Amazon S3 Encryption Client has a Key Commitment Issue in github.com/aws/amazon-s3-encryption-client-go...

CVSS 6 | AI score 6.9 | EPSS 0.00094
Exploits: 0 | References: 5

OSV
added 2025/12/15 8:15 p.m., 4 views

GO-2025-4237 Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip in github.com/weaviate/weaviate

Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip in github.com/weaviate/weaviate...

CVSS 7.2 | AI score 6.8 | EPSS 0.00661
Exploits: 0 | References: 5

OSV
added 2025/12/15 7:37 p.m., 4 views

GO-2025-4207 1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers in github.com/1Panel-dev/1Panel

1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers in github.com/1Panel-dev/1Panel...

CVSS 6.5 | AI score 6.9 | EPSS 0.00196
Exploits: 0 | References: 3

Packet Storm News
added 2025/12/05 12:0 a.m., 3 views

Sift or Get off the PoC: Applying Information Retrieval to Vulnerability Research with SiftRank

Security research is fundamentally a problem of resource constraint and consequent prioritization. There is simply too much attack surface and too little time and energy to spend analyzing it all. The most effective security researchers are often those who are most skilled at intuitively deciding...

AI score 6.5
Exploits: 0

Github Security Blog
added 2025/12/02 12:38 a.m., 6 views

MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL

Summary: The MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via execSync without sanitization. This allows an attacker to execute arbitrary commands on the host...

CVSS 9.8 | AI score 8.6 | EPSS 0.01969
Exploits: 1 | References: 4 | Affected Software: 1

Circl
added 2025/12/01 7:51 a.m., 4 views

CVE-2018-17082

creationtimestamp | type | source
---|---|---
2025-12-01 07:51:52+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2018/CVE-2018-17082.yaml
2025-12-02 21:02:28+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m6ztowc7ky2w
2026-01-27...

CVSS 6.1 | AI score 6.6 | EPSS 0.04103
Exploits: 1 | References: 3

RedhatCVE
added 2025/11/26 10:55 p.m., 11 views

CVE-2025-13595

The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...

CVSS 9.8 | AI score 7.2 | EPSS 0.00823
Exploits: 3 | References: 1

RedhatCVE
added 2025/11/26 10:55 p.m., 8 views

CVE-2025-13597

The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...

CVSS 9.8 | AI score 7.2 | EPSS 0.00823
Exploits: 3 | References: 1