Lucene search
K

19114 matches found

Wordfence Blog
Wordfence Blog
added 2025/07/10 1:55 p.m.31 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 30, 2025 to July 6, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

10CVSS10AI score0.28162EPSS
Exploits23
Wordfence Blog
Wordfence Blog
added 2025/07/08 4:0 p.m.13 views

Revolutionizing Responsible Disclosure: Introducing the Wordfence Vulnerability Management Portal for WordPress Vendors

The Wordfence team is excited to announce the official launch of the Wordfence Vulnerability Management Portal, the latest addition to the Wordfence Intelligence suite. This new interface is designed to improve and simplify the vulnerability disclosure process between the Wordfence team and...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 11:38 a.m.10 views

CVE-2025-23369

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted. This...

8.8CVSS6.8AI score0.01552EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:43 a.m.11 views

CVE-2024-9539

An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to uplo...

5.7CVSS6.4AI score0.00615EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:35 a.m.6 views

CVE-2024-8770

A Cross-Site Scripting XSS vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version...

6.1CVSS5.7AI score0.0035EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:29 a.m.6 views

CVE-2024-6337

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pullrequestwrite: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

6.5CVSS6.7AI score0.00705EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:32 a.m.9 views

CVE-2024-0507

An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, an...

8.8CVSS7.5AI score0.658EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:3 a.m.9 views

CVE-2024-6395

An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability...

6.3CVSS6.4AI score0.00492EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:12 a.m.6 views

CVE-2023-23764

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server...

7.1CVSS6.7AI score0.00469EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:52 a.m.7 views

CVE-2023-46648

An insufficient entropy vulnerability was identified in GitHub Enterprise Server GHES that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability...

8.3CVSS6.7AI score0.00744EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:46 a.m.17 views

CVE-2023-22381

A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to...

8.8CVSS7.2AI score0.00839EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:46 a.m.11 views

CVE-2023-22505

This High severity RCE Remote Code Execution vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high...

8.8CVSS7.6AI score0.02073EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:12 a.m.5 views

CVE-2023-23761

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist's URL. This vulnerability affected all...

7.7CVSS7AI score0.00462EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:38 a.m.17 views

CVE-2023-23765

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the...

6.5CVSS6.8AI score0.00485EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:8 p.m.18 views

CVE-2022-23732

A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the...

8.8CVSS6.8AI score0.01671EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:0 p.m.24 views

CVE-2022-46256

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in...

8.8CVSS7.6AI score0.01938EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:59 p.m.7 views

CVE-2022-23733

A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy CSP. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions...

5.4CVSS6.2AI score0.00495EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/05/21 12:0 a.m.35 views

BountyBench: Dollar Impact of AI Agent Attackers and Defenders on Real-World Cybersecurity Systems

AI agents have the potential to significantly alter the cybersecurity landscape. To help us understand this change, we introduce the first framework to capture offensive and defensive cyber-capabilities in evolving real-world systems. Instantiating this framework with BountyBench, we set up 25...

6.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/05/15 2:12 p.m.21 views

Next.js Race Condition to Cache Poisoning

Summary We received a responsible disclosure from Allam Rachid zhero for a low-severity race-condition vulnerability in Next.js. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve pageProps data instead of standard HTML. Learn more here...

3.7CVSS6.5AI score0.00666EPSS
Exploits2References4Affected Software1
Wordfence Blog
Wordfence Blog
added 2025/05/13 4:1 p.m.17 views

50,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Uncanny Automator WordPress Plugin

In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On April 26th, 2024, we received a submission for an authenticated PHP...

8.1CVSS7.8AI score0.00769EPSS
Exploits0
Rows per page
Query Builder