Lucene search
+L

7558 matches found

NVD
NVD
•added yesterday•9 views

CVE-2026-15783

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...

5.3CVSS
Exploits0References5
NVD
NVD
•added yesterday•8 views

CVE-2026-15007

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS
Exploits0References5
NVD
NVD
•added yesterday•7 views

CVE-2026-15343

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker who had code execution inside the Dependabot updater container to write files to arbitrary repository paths, including GitHub Actions workflow files under .github/workflows/ as the path validation d...

8.6CVSS
Exploits0References5
CVE
CVE
•added yesterday•9 views

CVE-2026-15783

CVE-2026-15783 (GitHub Enterprise Server) describes a missing authorization flaw where an authenticated user with write access to any repository could read metadata from private repositories they should not access. The attack path involves a delegated bypass endpoint that resolves a rule suite fr...

5.3CVSS5.5AI score
Exploits0References5
Cvelist
Cvelist
•added yesterday•21 views

CVE-2026-15783 Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed reading private repository metadata via delegated bypass rule suites

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...

5.3CVSS
Exploits0References5
Vulnrichment
Vulnrichment
•added yesterday•5 views

CVE-2026-15783 Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed reading private repository metadata via delegated bypass rule suites

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...

5.3CVSS5.4AI score
Exploits0References5
EUVD
EUVD
•added yesterday•7 views

EUVD-2026-45191

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...

5.3CVSS5.5AI score
Exploits0References5
Vulnrichment
Vulnrichment
•added yesterday•5 views

CVE-2026-15343 Path traversal vulnerability in GitHub Enterprise Server allowed writing files to arbitrary repository paths, including GitHub Actions workflow files, via unchecked Dependabot dependency-file paths

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker who had code execution inside the Dependabot updater container to write files to arbitrary repository paths, including GitHub Actions workflow files under .github/workflows/ as the path validation d...

8.6CVSS6.2AI score
Exploits0References5
EUVD
EUVD
•added yesterday•6 views

EUVD-2026-45189

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker who had code execution inside the Dependabot updater container to write files to arbitrary repository paths, including GitHub Actions workflow files under .github/workflows/ as the path validation d...

8.6CVSS6.3AI score
Exploits0References5
Cvelist
Cvelist
•added yesterday•22 views

CVE-2026-15343 Path traversal vulnerability in GitHub Enterprise Server allowed writing files to arbitrary repository paths, including GitHub Actions workflow files, via unchecked Dependabot dependency-file paths

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker who had code execution inside the Dependabot updater container to write files to arbitrary repository paths, including GitHub Actions workflow files under .github/workflows/ as the path validation d...

8.6CVSS
Exploits0References5
CVE
CVE
•added yesterday•10 views

CVE-2026-15007

The CVE describes a Denial of Service in GitHub Enterprise Server caused by parsing a repository release notes configuration file with deeply nested YAML, without a nesting depth limit. When release notes are generated, this can consume excessive resources and render the instance unresponsive. Af...

8.3CVSS5.4AI score
Exploits0References5
EUVD
EUVD
•added yesterday•7 views

EUVD-2026-45188

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS5.4AI score
Exploits0References5
Vulnrichment
Vulnrichment
•added yesterday•6 views

CVE-2026-15007 Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via deeply nested YAML in release notes configuration

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS5.3AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-60783

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...

5.3CVSS5.4AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-60781

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS5.3AI score
Exploits0References6
BDU FSTEC
BDU FSTEC
•added 3 days ago•5 views

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server lies in the lack of authentication for a critical function, allowing attackers to escalate their privileges.

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server lies in the absence of authentication for a critical function. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...

5.3CVSS6.2AI score0.05601EPSS
Exploits0References5Affected Software3
EUVD
EUVD
•added 2026/07/02 12:31 a.m.•8 views

EUVD-2026-41210

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS6.5AI score0.00601EPSS
Exploits0References2
NVD
NVD
•added 2026/07/01 11:16 p.m.•8 views

CVE-2026-14439

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS0.00601EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/07/01 11:5 p.m.•6 views

CVE-2026-14439

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS6.5AI score0.00601EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/07/01 11:5 p.m.•24 views

CVE-2026-14439 Path Traversal in Altium Git Service Allows Remote Code Execution

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS0.00601EPSS
Exploits0References1
Rows per page
Query Builder