971346 matches found

NVD
added yesterday, 4 views

CVE-2026-10585

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category...

CVSS 6.3
Exploits: 0, References: 4
CVE
added yesterday, 7 views

CVE-2026-10585

CVE-2026-10585 describes a stored XSS in GitHub Enterprise Server where an authenticated attacker could execute JavaScript in another user’s browser by injecting a crafted payload into a Discussion title in the Q&A category. The vulnerability stems from the AnsweredQuestionStructuredDataComponent...

CVSS 6.3, AI score 5.9
Exploits: 0, References: 4
EUVD
added yesterday, 3 views

EUVD-2026-40424

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category...

CVSS 6.3, AI score 5.9
Exploits: 0, References: 4
NVD
added yesterday, 4 views

CVE-2026-9106

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the manage_runners:org scope and directing ...

CVSS 4.8
Exploits: 0, References: 5
Cvelist
added yesterday, 6 views

CVE-2026-9106 UI misrepresentation vulnerability in GitHub Enterprise Server allowed unauthorized organization runner management via undisclosed OAuth scope on consent screen

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the manage_runners:org scope and directing ...

CVSS 4.8
Exploits: 0, References: 5
EUVD
added yesterday, 3 views

EUVD-2026-40407

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the manage_runners:org scope and directing ...

CVSS 4.8, AI score 5.8
Exploits: 0, References: 5
Wordfence Blog
added 2026/06/18 4:42 p.m., 7 views

Critical Unauthenticated Arbitrary File Deletion Vulnerability Patched in Avada Builder WordPress Plugin

On May 13th, 2026, we received a submission for a critical Unauthenticated Arbitrary File Deletion vulnerability in Avada Builder, a premium WordPress plugin with an estimated 1,000,000 active installations. This vulnerability makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 9.1, AI score 6.6, EPSS 0.01193
Exploits: 0
GithubExploit
added 2026/06/14 8:58 a.m., 72 views

TechMyst-Toolkit

TechMyst-Toolkit "An automated Bug...

AI score 5.3
Exploits: 0
GithubExploit
added 2026/06/12 3:47 a.m., 59 views

ethical-hacking-security-labs

Ethical Hacking & Network Security Lab Portfolio A hands-on...

CVSS 10, AI score 8, EPSS 0.96184
Exploits: 30
GithubExploit
added 2026/06/11 11:08 a.m., 94 views

Bug-Bounty-Practice-lab

Syntex Solutions — Vulnerable Lab ⚠️ WARNING — FOR AUTHOR...

AI score 5.8
Exploits: 0
OSV
added 2026/06/11 5:05 a.m., 9 views

MAL-2026-5582 Malicious code in wp-env (npm)

Per source details. Source: amazon-inspector ec2e092036cea9a9b2563e18b3d588ab046800c2160fb820081423b909066759. Package squats the wp-env CLI name (commonly invoked as npx wp-env by users intending @wordpress/env). The package ships only bin/run.js declared main:...

AI score 5.6
Exploits: 0, References: 1
Wordfence Blog
added 2026/06/10 4:53 p.m., 12 views

Critical Unauthenticated Authentication Bypass Vulnerability Patched in UpdraftPlus WordPress Plugin

On June 2nd, 2026, we received a submission for a critical Unauthenticated Authentication Bypass vulnerability in UpdraftPlus, a WordPress plugin with more than 3 million active installations. Although the plugin has such a large install base, the vulnerability is only exploitable on sites that...

CVSS 8.1, AI score 7.8, EPSS 0.03578
Exploits: 3
Positive Technologies
added 2026/06/08 12:00 a.m., 9 views

PT-2026-47289

Name of the Vulnerable Software and Affected Versions: @angular/platform-server versions prior to 19.2.23; @angular/platform-server versions prior to 20.3.22; @angular/platform-server versions prior to 21.2.15; @angular/platform-server versions prior to 22.0.0-rc.2. Description: An issue in the...

CVSS 8.8, AI score 5.7, EPSS 0.00279
Exploits: 0, References: 6
GithubExploit
added 2026/06/07 10:16 a.m., 73 views

bugbounty-toolkit

🎯 Bug Bounty Recon Toolkit Automated recon toolkit for author...

AI score 5.5
Exploits: 0
RedhatCVE
added 2026/06/05 7:38 p.m., 10 views

CVE-2026-3307

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...

CVSS 5.3, AI score 5.6, EPSS 0.0027
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 7:19 p.m., 12 views

CVE-2026-5845

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

CVSS 9.6, AI score 5.5, EPSS 0.0023
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 7:11 p.m., 9 views

CVE-2026-8034

A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...

CVSS 9.8, AI score 5.5, EPSS 0.00377
Exploits: 0, References: 1
Hacker One
added 2026/06/04 6:08 a.m., 9 views

Revive Adserver: Stored XSS in maintenance tools via unescaped entity names

A stored XSS vulnerability was discovered in the maintenance tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected in the maintenance-acl-check.php and maintenance-banners-check.php files...

CVSS 5.4, AI score 5.8, EPSS 0.00192
Exploits: 0
Wordfence Blog
added 2026/06/01 3:51 p.m., 17 views

Unauthenticated Privilege Escalation Vulnerability Patched in Kirki WordPress Plugin

On May 4th, 2026, we received a submission for an Unauthenticated Privilege Escalation vulnerability in the Kirki WordPress plugin. Although the plugin has more than 500,000 active installations, we estimate that only around 150,000 sites are using a vulnerable version, as the issue was introduce...

CVSS 9.8, AI score 5.7, EPSS 0.0126
Exploits: 4
Wordfence Blog
added 2026/05/29 4:23 p.m., 28 views

Wordfence Bug Bounty Program Monthly Report – March 2026

In March 2026, the Wordfence Bug Bounty Program received 1718 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence Threat...

AI score 6.2
Exploits: 0