PT-2026-34196
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the owner id parameter in the request...
VulnAgent-X: A Layered Agentic Framework for Repository-Level Vulnerability Detection
VulnAgent-X is a layered agentic framework integrating lightweight risk screening, bounded context expansion, specialized analysis agents, selective dynamic verification, and evidence fusion into a unified pipeline. Included in this archive is also a whitepaper from the researchers...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the milestone selection. An attacker can execute arbitrary JavaScript code in the context of another user's browser by storing a crafted HTML or JavaScript payload in a repository's milestone name, which is...
CVE-2026-25921
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an overwritable LFS object shared across different repositories leads to a supply-chain attack: all LFS objects are vulnerable to being maliciously overwritten by attackers. This issue has been patched in version 0.14.2...
Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-13333)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a weaker-than-expected security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the securit...
DEBIAN-CVE-2026-23991
go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON (valid JSON but not well-formed TUF metadata), the client will panic during parsing, causing a denial of...
CVE-2022-31573
The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-0905
Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4...
CVE-2023-4124
Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1...
CVE-2025-68279 Weblate has an arbitrary file read via symbolic links
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue...
EUVD-2020-7695
Malware in sbrugna...
EUVD-2023-44068
Malicious code in bioql PyPI...
EUVD-2022-7730
Malicious code in bioql PyPI...
EUVD-2023-34031
Malicious code in bioql PyPI...
EUVD-2023-1261
Malicious code in bioql PyPI...
EUVD-2022-0178
Malicious code in bioql PyPI...
EUVD-2023-0366
Malicious code in bioql PyPI...
EUVD-2024-46749
Malicious code in bioql PyPI...
EUVD-2024-41380
Malicious code in bioql PyPI...
EUVD-2024-27390
Malicious code in bioql PyPI...