Lucene search
+L

971365 matches found

NVD
NVD
added yesterday9 views

CVE-2026-15783

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...

5.3CVSS
Exploits0References5
Cvelist
Cvelist
added yesterday21 views

CVE-2026-15783 Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed reading private repository metadata via delegated bypass rule suites

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...

5.3CVSS
Exploits0References5
Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-15783 Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed reading private repository metadata via delegated bypass rule suites

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...

5.3CVSS5.4AI score
Exploits0References5
EUVD
EUVD
added yesterday7 views

EUVD-2026-45191

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...

5.3CVSS5.5AI score
Exploits0References5
CVE
CVE
added yesterday10 views

CVE-2026-15007

The CVE describes a Denial of Service in GitHub Enterprise Server caused by parsing a repository release notes configuration file with deeply nested YAML, without a nesting depth limit. When release notes are generated, this can consume excessive resources and render the instance unresponsive. Af...

8.3CVSS5.4AI score
Exploits0References5
EUVD
EUVD
added yesterday7 views

EUVD-2026-45188

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS5.4AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60783

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...

5.3CVSS5.4AI score
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60781

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS5.3AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/08 4:27 p.m.19 views

Malicious code in @luminarycloudinternal/lcvis-st (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8dffb72c9f767cbd071bf482fce9acb1ff2283a4800b7862739348b7a89e24 Package @luminarycloudinternal/[email protected] is published to the public npm registry under an internal-looking scope with an artificially high...

5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.16 views

PT-2026-55983

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

7.2CVSS6.2AI score0.00259EPSS
Exploits0References7
NVD
NVD
added 2026/07/01 9:16 p.m.7 views

CVE-2026-14340

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

5.3CVSS0.00215EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/01 9:3 p.m.8 views

EUVD-2026-41145

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

5.3CVSS5.8AI score0.00215EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/01 9:3 p.m.34 views

CVE-2026-14340 An incorrect authorization vulnerability in GitHub Enterprise Server allows issue creation in unrelated public repositories

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

5.3CVSS0.00215EPSS
Exploits0References6
CVE
CVE
added 2026/07/01 9:3 p.m.19 views

CVE-2026-14340

GitHub Enterprise Server (GitHub ES) suffers an incorrect authorization vulnerability (CVE-2026-14340) where a user-to-server token scoped to a GitHub App installation could perform write operations on public repositories outside the token’s scope. The root cause is an authorization check that on...

5.3CVSS5.8AI score0.00215EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:3 p.m.7 views

CVE-2026-14340

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

5.3CVSS5.8AI score0.00215EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/07/01 12:33 a.m.8 views

EUVD-2026-40424

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 10:16 p.m.10 views

CVE-2026-10585

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category. The...

6.3CVSS0.00184EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/30 9:39 p.m.31 views

CVE-2026-10585 Stored cross-site scripting vulnerability in GitHub Enterprise Server allowed arbitrary JavaScript execution via crafted Discussion titles in the Q&A category

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category. The...

6.3CVSS0.00184EPSS
Exploits0References5
CVE
CVE
added 2026/06/30 9:39 p.m.35 views

CVE-2026-10585

CVE-2026-10585 describes a stored XSS in GitHub Enterprise Server where an authenticated attacker could execute JavaScript in another user’s browser by injecting a crafted payload into a Discussion title in the Q&A category. The vulnerability stems from the AnsweredQuestionStructuredDataComponent...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/06/30 9:16 p.m.7 views

CVE-2026-9106

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

5.5CVSS0.00176EPSS
Exploits0References6
Rows per page
Query Builder