CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1733 matches found

JFrog Artifactory 6.7.3 - Admin Login Bypass

JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowable from a connection directly from localhost, providing an X-Forwarded-For HTTP header to the request allo...

9.8CVSS7.8AI score0.91697EPSS

Exploits3References5

RedhatCVE•added 2 days ago•10 views

CVE-2026-46390

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...

6.9CVSS5.5AI score0.0005EPSS

Exploits0References1

The Hacker News•added 2 days ago•20 views

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, per...

6.2AI score

Exploits0

Positive Technologies•added 2 days ago•7 views

PT-2026-47164

Name of the Vulnerable Software and Affected Versions onedev versions prior to 15.0.6 Description Improper authorization exists in the REST API component. A remote attacker can manipulate the project.defaultBranch argument within the '/repositories/projectId/default-branch' endpoint to bypass...

6.5CVSS6.6AI score0.00043EPSS

Exploits0References9

RedhatCVE•added 3 days ago•8 views

CVE-2026-45772

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted repositories that contain malicious Yarn configuration. In affected versions, package manager detection...

9.8CVSS6.2AI score0.00098EPSS

Exploits0References1

RedhatCVE•added 3 days ago•7 views

CVE-2026-5512

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...

5.3CVSS5.6AI score0.00038EPSS

Exploits0References1

RedhatCVE•added 3 days ago•5 views

CVE-2026-28735

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL...

5.4CVSS5.5AI score0.0003EPSS

Exploits0References1

RedhatCVE•added 3 days ago•6 views

CVE-2026-32631

Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses a...

7.4CVSS6.4AI score0.00086EPSS

Exploits0References1

RedhatCVE•added 3 days ago•6 views

CVE-2026-5845

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

9.6CVSS5.5AI score0.00025EPSS

Exploits0References1

CVE•added 3 days ago•13 views

CVE-2026-46390

HAX CMS (PHP/Node.js backends) is affected by an unauthenticated access issue in the gitlist plugin. From version 2.0.0 up to, but not including, 26.0.0, the gitlist plugin is exposed to unauthenticated users, enabling browsing of git repositories and git history without authentication. Version 2...

6.9CVSS5.5AI score0.0005EPSS

Exploits0References1

EUVD•added 3 days ago•5 views

EUVD-2026-34881

6.9CVSS5.5AI score0.0005EPSS

Exploits0References1

Cvelist•added 3 days ago•22 views

CVE-2026-46390 HAX CMS has Unauthenticated Git Access via User-Controlled Key

6.9CVSS0.0005EPSS

Exploits0References1

F5 Networks•added 3 days ago•5 views

K000161612: Golang vulnerabilities CVE-2025-4674 and CVE-2025-61724

Security Advisory Description CVE-2025-4674 The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contai...

8.6CVSS6.8AI score0.00023EPSS

Exploits0

OSSF Malicious Packages•added 3 days ago•7 views

Malicious code in mountly (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

5.7AI score

Exploits0References2

OSSF Malicious Packages•added 3 days ago•6 views

Malicious code in @forjacms/sections (npm)

5.7AI score

Exploits0References2

OSSF Malicious Packages•added 3 days ago•7 views

Malicious code in eslint-plugin-executable-stories-jest (npm)

5.7AI score

Exploits0References2

OSSF Malicious Packages•added 3 days ago•8 views

Malicious code in executable-stories-mcp (npm)