CVE-2025-59900

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

EUVD-2024-32860

Malicious code in bioql PyPI...

CVE-2024-8263

An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. Thi...

CVE-2022-23741

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in...

CVE-2024-3684 Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability...

PT-2023-3420 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 25.0.0 through 25.0.7 Nextcloud Server versions 26.0.0 through 26.0.2 Nextcloud Enterprise Server versions 21.0.0 through 21.0.9.12 Nextcloud Enterprise Server versions 22.0.0 through 22.2.10.12 Nextcloud Enterprise...