CVE-2026-48241
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php, a public-facing database utility, that are committed to the source repository. Any actor with access to the public source tree or an unauthenticated attacker with read access to the file on a deployed...
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of their legitimate...
CVE-2026-2262
creationtimestamp | type | source
---|---|---
2026-04-18 01:18:04+00:00 | published-proof-of-concept | Telegram/u5f3Gra6Haipf3VJEB4yu-gwc95-0FLxvYnhbIvKSTo7fn8
2026-04-21 03:41:01+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/CVE-2026-2262.yaml
2026-04-22... | |
PT-2026-32988
Hackage package metadata stored XSS vulnerability. User-controlled metadata from .cabal files is rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks. The specific fields affected are: - homepage - bug-reports - source-repository.locatio...
EUVD-2021-2336
Malware in sbrugna...
curl: Exposure of Hard-coded Private Keys and Credentials in curl Source Repository (CWE-321)
Multiple private/test RSA keys and example credentials were discovered embedded in the public curl source repository and associated documentation. These sensitive secrets were detected using an automated tool (gitleaks) and manual review. Their presence could allow attackers to impersonate trusted cu...
Unmasking Synthetic Realities in Generative AI: a Comprehensive Review of Adversarially Robust Deepfake Detection Systems
The rapid advancement of Generative Artificial Intelligence has fueled the proliferation of deepfakes, synthetic media encompassing both fully generated content and subtly edited authentic material, posing challenges to digital security, misinformation mitigation, and identity preservation. This systematic revi...
Pagure parameter injection vulnerability
Pagure is an open source Git repository hosting service written in Python that provides web services. Pagure suffers from a parameter injection vulnerability that stems from Git parameter injection and could lead to remote code execution...
ROS-20240708-02
A vulnerability in the TPMLPCRSELECTION functions of the source repository for Trusted Platform Module tools (TPM2.0) is related to improper mapping of PCR slots, providing a misleading TPM state. Exploitation of the vulnerability could allow an attacker acting remotely to manipulate output data...
CVE-2024-29038
The CVE-2024-29038 issue affects tpm2-tools (TPM2.0 tools). Affected component: quote data generation and verification logic in tpm2-tools; root cause: an attacker could generate arbitrary quote data that is not detected by tpm2_checkquote. Impact: attacker-controlled quotes could bypass detectio...
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
Impact. What kind of vulnerability is it? Who is impacted? An information leakage vulnerability is present in cdo-local-uuid at version 0.4.0, and in case-utils in unpatched versions matching the pattern 0.x.0 at and since 0.5.0, before 0.15.0. The vulnerability stems from a Python function,...
Researchers Report Supply Chain Vulnerability in Packagist PHP Repository
Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks. "This vulnerability allows gaining control of Packagist," SonarSource researcher Thomas...
Azure App Service Linux source repository exposure
MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk of information disclosure. This, when combined with an...
CVE-2021-39152
creationtimestamp | type | source
---|---|---
2021-08-23 22:23:37+00:00 | seen | https://t.me/cibsecurity/27719
2023-04-27 09:58:59+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-39152.yaml
2026-02-16 21:02:33+00:00 | seen | ...
CVE-2020-36327
A flaw was found in the way Bundler determined the source repository when installing dependencies of source-restricted gem packages. In configurations that use multiple gem repositories and explicitly define from which source repository certain gems are to be installed, a dependency of a...
Remote Code Execution
dependabot-common is vulnerable to remote code execution. An attacker is able to inject arbitrary Shell commands via a branch name URL during cloning of the source repository...
GHSA-23F7-99JX-M54R Remote code execution in dependabot-core branch names when cloning
Impact. Remote code execution vulnerability in dependabot-common and dependabot-gomodules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: "/$curl,127.0.0.1", Dependabot will make an HTTP request to...