1754 matches found
CVE-2025-26495
Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories. This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19...
The Overlooked Attack Surface: Securing Code Repositories, Pipelines, and Developer Infrastructure
Learn how Wiz for ASPM extends security to developer infrastructure by continuously enforcing secure defaults and detecting threats across the software supply chain...
CVE-2025-26495
CVE-2025-26495 affects Salesforce Tableau Server. The issue is Cleartext Storage of Sensitive Information: Personal Access Tokens (PAT) can be recorded in logging repositories. Affected Tableau Server versions include pre-2022.1.3, pre-2021.4.8, pre-2021.3.13, pre-2021.2.14, pre-2021.1.16, and pr...
CVE-2024-1482
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access...
CVE-2025-24886
CVE-2025-24886 involves pwn.college’s Dojo tooling where incorrect symbolic link checks on user-specified dojos allow an LFI from the CTFd container without admin privileges. A malicious user can craft a repository containing symlinks to sensitive files and retrieve them via the CTFd website when...
Lumma Stealer Found in Fake Crypto Tools and Game Mods on GitHub
McAfee Labs uncovers malicious GitHub repositories distributing Lumma Stealer malware disguised as game hacks and cracked software. Learn…...
CVE-2024-36116
creationtimestamp | type | source
---|---|---
2025-01-22 17:00:51+00:00 | seen | https://github.blog/security/vulnerability-research/attacks-on-maven-proxy-repositories/
2025-09-15 13:28:31+00:00 | seen | MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f
2025-09-16 03:45:00+00:00 | seen | ...
RUSTSEC-2025-0001 gix-worktree-state nonexclusive checkout sets executable files world-writable
Summary: gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some...
CLSA-2025-1737156361 git: Fix of CVE-2024-32465
CVE-2024-32465: Fix issue allowing protections to be bypassed when obtaining Git repository from untrusted sources...
CLSA-2025-1737155612 git: Fix of CVE-2024-32004
CVE-2024-32004: fetch/clone: detect dubious ownership of local repositories...
GO-2025-3390 Git LFS permits exfiltration of credentials via crafted HTTP URLs in github.com/git-lfs/git-lfs
Git LFS permits exfiltration of credentials via crafted HTTP URLs in github.com/git-lfs/git-lfs...
CVE-2024-50338
Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...
CVE-2024-50338 Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credential Manager
Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...
HackerOne: Public GitHub repositories for multiple HackerOne managed triage team profiles contain private HackerOne reports information
Publicly available GitHub repositories for HackerOne-managed triage team profiles were found to contain private HackerOne vulnerability reports. Several repositories were identified that reproduced exploits for private bug bounty programs. The disclosed information included details such as access...
Banshee Stealer Hits macOS Users via Fake GitHub Repositories
SUMMARY: Cybersecurity researchers at Check Point detected a new version of Banshee Stealer in late September 2024, distributed…...
IBM Cognos Controller and IBM Controller Trust Management Issue Vulnerability
IBM Cognos Controller and IBM Controller are both products of International Business Machines (IBM). IBM Cognos Controller is a business intelligence and planning solution. The product features process automation, financial audit control, and the creation and management of financial reports. IBM...
PT-2025-28646
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.24.5; Go versions prior to 1.23.11. Description: The issue concerns unexpected command execution in untrusted VCS repositories when using the Go toolchain. This can occur when the toolchain is used in directories fetched...