Lucene search

209 matches found

EUVD
added 2025/10/07 12:30 a.m. · 10 views

EUVD-2014-0084

Malware in sbrugna...

CVSS 5.5 · AI score 6.2 · EPSS 0.00259
Exploits 0 · References 9
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2013-2654

Malware in sbrugna...

CVSS 2.1 · AI score 6.4 · EPSS 0.00253
Exploits 0 · References 8
OSV
added 2025/10/06 8:16 p.m. · 8 views

GHSA-GPRP-H92G-GC2H XWiki Platform is vulnerable to HQL injection via wiki and space search REST API

Impact The REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is added twice in the query, though, once in the field list for the select and once in the order clause, so it's not that easy to exploit. The part of the query between the two fields can b...

CVSS 9.3 · AI score 7.4 · EPSS 0.00342
Exploits 0 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-28810

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.1 · EPSS 0.00634
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-45492

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 8.7 · EPSS 0.00231
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-12173

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.5 · EPSS 0.00168
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-34516

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00722
Exploits 0 · References 4
FreeBSD
added 2025/09/25 12:0 a.m. · 8 views

Gitlab -- Vulnerabilities

Gitlab reports: Denial of Service issue when uploading specifically crafted JSON files impacts GitLab CE/EE; Denial of Service issue bypassing query complexity limits impacts GitLab CE/EE; Information disclosure issue in virtual registry configuration for low privileged users impacts GitLab CE/EE...

CVSS 8.8 · AI score 6.6 · EPSS 0.00162
Exploits 0 · References 1
RedhatCVE
added 2025/09/16 6:28 a.m. · 4 views

CVE-2025-10393

A flaw has been found in miurla morphic up to 0.4.5. This impacts the function fetchHtml of the file /api/advanced-search of the component HTTP Status Code 3xx Handler. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been...

CVSS 6.5 · AI score 6.5 · EPSS 0.00055
Exploits 0 · References 1
OSV
added 2025/09/14 6:15 a.m. · 3 views

CVE-2025-10393

A flaw has been found in miurla morphic up to 0.4.5. This impacts the function fetchHtml of the file /api/advanced-search of the component HTTP Status Code 3xx Handler. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been...

CVSS 5.3 · AI score 5.4
Exploits 0 · References 4
Positive Technologies
added 2025/09/14 12:0 a.m. · 4 views

PT-2025-37404

Name of the Vulnerable Software and Affected Versions: miurla morphic versions prior to 0.4.5 Description: A flaw has been found in miurla morphic. This impacts the fetchHtml function of the file /api/advanced-search of the component HTTP Status Code 3xx Handler, causing server-side request...

CVSS 6.5 · AI score 6.2 · EPSS 0.00055
Exploits 0 · References 9
Tenable Nessus
added 2025/08/18 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-31419

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial...

CVSS 7.5 · AI score 6.6 · EPSS 0.35125
Exploits 4 · References 2
RedhatCVE
added 2025/07/03 7:25 p.m. · 4 views

CVE-2025-6600

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API...

CVSS 6.3 · AI score 6.5 · EPSS 0.00133
Exploits 0 · References 1
OSV
added 2025/07/01 7:15 p.m. · 3 views

CVE-2025-6600

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API...

CVSS 4.3 · AI score 5.7 · EPSS 0.00133
Exploits 0 · References 1
NVD
added 2025/07/01 7:15 p.m. · 8 views

CVE-2025-6600

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API...

CVSS 6.3 · EPSS 0.00133
Exploits 0 · References 1
CVE
added 2025/07/01 6:56 p.m. · 26 views

CVE-2025-6600

This CVE affects GitHub Enterprise Server v3.17. The issue is an information-disclosure where a user-to-server token with no scopes, used via the Search API, could disclose private repository names within an organization. Exploitation required an organization administrator to install a malicious ...

CVSS 6.3 · AI score 6.4 · EPSS 0.00133
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/07/01 6:56 p.m. · 11 views

CVE-2025-6600 GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Search API

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API...

CVSS 6.3 · EPSS 0.00133
Exploits 0 · References 1
Vulnrichment
added 2025/07/01 6:56 p.m. · 6 views

CVE-2025-6600 GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Search API

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API...

CVSS 6.3 · AI score 6.4 · EPSS 0.00133
Exploits 0 · References 1
Positive Technologies
added 2025/07/01 12:0 a.m. · 3 views

PT-2025-27576 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server version 3.17 Description: An exposure of sensitive information issue was identified that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by...

CVSS 6.3 · AI score 5.9 · EPSS 0.00133
Exploits 0 · References 4
RedhatCVE
added 2025/05/23 1:54 a.m. · 5 views

CVE-2023-24812

Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag notes/search-by-tag. This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to...

CVSS 9.8 · AI score 7.8 · EPSS 0.00634
Exploits 0 · References 1