25 matches found

Grafana
added 2026/05/13 12:00 a.m., 6 views

BAC in Snapshot API allows deletion of unauthorized dashboard snapshots

Any Editor could delete any snapshot, even if they have no access to read or write them...

CVSS 6.5, AI score 5.8, EPSS 0.0001
Exploits 0

Grafana
added 2026/05/13 12:00 a.m., 4 views

Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

CVSS 7.1, AI score 5.8, EPSS 0.00009
Exploits 0

GithubExploit
added 2026/04/23 9:44 p.m., 73 views

cve

cve.sh — CVE Discovery & Exploitation Reporter Technology f...

CVSS 9.8, AI score 5.7, EPSS 0.94391
Exploits 144

EUVD
added 2026/04/22 12:31 a.m., 2 views

EUVD-2026-24554

A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebo...

CVSS 9.5, AI score 5.8, EPSS 0.00079
Exploits 0, References 8

NVD
added 2026/04/21 11:16 p.m., 2 views

CVE-2026-4296

An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious authorization link that, when...

CVSS 8.8, EPSS 0.0005
Exploits 0, References 7

Positive Technologies
added 2026/04/21 12:00 a.m., 0 views

PT-2026-34209

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An incorrect regular expression allows an attacker to bypass OAuth redirect URI validation. An attacker aware of a first-party OAuth application's registered callback URL can create a...

CVSS 7.5, AI score 5.8, EPSS 0.0005
Exploits 0, References 10

Grafana
added 2026/03/25 12:00 a.m., 3 views

Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container. Thanks to khanmarshal for reporting this vulnerability to us via our bug boun...

CVSS 6.5, AI score 5.8, EPSS 0.00029
Exploits 0

Vulnrichment
added 2025/11/10 10:44 p.m., 2 views

CVE-2025-11578 Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...

CVSS 7.5, AI score 6.9, EPSS 0.0008
Exploits 0, References 5

Github Security Blog
added 2025/06/20 6:08 p.m., 10 views

zkVM Underconstrained Vulnerability

Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction (including remu and divu) in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 is vulnerable to an attack by a malicious prover. The main idea for the attack is to confuse the RISC-V virtual machine into treating the value of th...

CVSS 6.9, AI score 6.3, EPSS 0.0024
Exploits 0, References 9, Affected Software 2

FreeBSD
added 2025/04/05 12:00 a.m., 4 views

Grafana -- DingDing contact points exposed in Grafana Alerting

Grafana Labs reports: An incident occurred where the DingDing alerting integration URL was inadvertently exposed to viewers due to a setting oversight, which we learned about through a bug bounty report. The CVSS 3.0 score for this vulnerability is 4.3 (Medium)...

CVSS 4.3, AI score 7.1, EPSS 0.00438
Exploits 0, References 1

The Hacker News
added 2024/12/11 6:29 a.m., 18 views

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng aka gbigmao and gxiaomao, who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been...

CVSS 9.8, AI score 10, EPSS 0.94439
Exploits 15

GitLab Advisory Database
added 2024/12/10 12:00 a.m., 9 views

CosmWasm VM Incorrect metering

CWA-2024-007 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.1.0, = 2.0.0, = 2.1.0, = 2.0.0, query wasm libwasmvm-version. It must show 1.5...

AI score 7
Exploits 0, References 7, Affected Software 1

Huntr
added 2024/11/16 6:58 a.m., 3 views

Improper access of prompt data by another user.

Description: Another user is able to see the prompt data of a particular user. Proof of Concept: let promptid be the prompt id of user 1; visit http://127.0.0.1:8080/prompts/promptid from another user's (user 2) session; user 2 can see user 1's promptid data. Previously it was reported by some on...

CVSS 8.8, AI score 6.8, EPSS 0.00188
Exploits 1

Huntr
added 2024/10/30 3:48 a.m., 2 views

High-Severity Command Injection Vulnerability in run_BingBertSquad.sh

This report is not public...

AI score 7.1
Exploits 0

Huntr
added 2024/10/25 4:34 a.m., 3 views

Admin user account takeover due to password reset code not being checked on the backend

This report is not public...

CVSS 8.1, AI score 7.1, EPSS 0.002
Exploits 1

Openbugbounty
added 2024/04/23 9:08 a.m., 8 views

metermaniac.com Cross Site Scripting vulnerability OBB-3921135

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0

Openbugbounty
added 2024/04/04 8:06 a.m., 8 views

ropeways.net Cross Site Scripting vulnerability OBB-3900460

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0

Openbugbounty
added 2023/12/10 8:01 p.m., 2 views

pepinieres-lecomte.com Improper Access Control vulnerability OBB-3808324

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 7
Exploits 0

OSV
added 2022/12/14 7:15 p.m., 1 view

CVE-2022-23741

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in...

CVSS 7.2, AI score 5.8, EPSS 0.00869
Exploits 0, References 4

UbuntuCve
added 2022/05/10 2:15 p.m., 29 views

CVE-2022-1537

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privilege...

CVSS 7.8, AI score 7.2, EPSS 0.00246
Exploits 1, References 4