CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17965 matches found

CVE•added 2024/04/19 5:2 p.m.•97 views

CVE-2024-2440

A race condition in GitHub Enterprise Server allowed an existing admin to retain permissions on a detached repository by issuing a GraphQL mutation to alter repository permissions while the repository was detached. Affected: all GitHub Enterprise Server versions prior to 3.13. Fixes are available...

5.9CVSS6.6AI score0.00452EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2024/04/19 2:25 p.m.•15 views

CVE-2024-3684 Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability...

8CVSS8AI score0.01095EPSS

Exploits0References4

CVE•added 2024/04/19 2:21 p.m.•66 views

CVE-2024-3646

CVE-2024-3646 : A command injection vulnerability was identified in GitHub Enterprise Server that could let an attacker with an editor role in the Management Console obtain admin SSH access to the instance during chat integration configuration. Exploitation required access to the GitHub Enterpris...

8CVSS7.4AI score0.01742EPSS

Exploits0References4Affected Software1

Cvelist•added 2024/04/19 2:21 p.m.•18 views

CVE-2024-3646 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub...

8CVSS8.4AI score0.01742EPSS

Exploits0References4

CVE•added 2024/04/19 2:17 p.m.•71 views

CVE-2024-3470

GitHub Enterprise Server suffers an Improper Privilege Management flaw that lets a repository deploy key bypass an organization’s ruleset when an attacker has a valid deploy key and repository administrator access. Affected versions are 3.11–3.12; remediation is to upgrade to 3.11.8 or 3.12.2. In...

7.2CVSS6.8AI score0.00587EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/04/19 2:17 p.m.•20 views

CVE-2024-3470 Repository administrator can bypass organization's ruleset using deploy keys

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as we...

5.9CVSS6AI score0.00587EPSS

Exploits0References2

Openbugbounty•added 2024/04/19 12:15 a.m.•12 views

finchbarry.com Cross Site Scripting vulnerability OBB-3918828

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score

Exploits0

Openbugbounty•added 2024/04/18 12:46 p.m.•14 views

peterdonders.com Cross Site Scripting vulnerability OBB-3918754

6.2AI score

Exploits0

Openbugbounty•added 2024/04/17 8:31 p.m.•15 views

nfe.leopoldina.mg.gov.br Cross Site Scripting vulnerability OBB-3918689

6.2AI score

Exploits0

Openbugbounty•added 2024/04/17 3:49 p.m.•14 views

funkylife.in Cross Site Scripting vulnerability OBB-3918679