1298 matches found
GHSA-PWHH-Q4H6-W599
| creationtimestamp | type | source |
|---|---|---|
| 2025-02-27 15:30:14+00:00 | published-proof-of-concept | Telegram/18aGabcqT47rhbAtmBCfjbslvF7WShvEcg6GVkQNwRNaIHA... |
GHSA-VFXC-QG3V-J2R5
| creationtimestamp | type | source |
|---|---|---|
| 2025-02-25 18:22:35+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/5342... |
CVE-2025-25204
gh is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool gh attestation verify causes it to return a zero exit status when no attestations are present. This behavior is incorrect:...
CVE-2022-21671
@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...
CVE-2020-15134
In Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL i...
GHSA-8C3X-HQ82-GJCM
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-24 20:04:51+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/3008... |
GHSA-X99J-R8VV-GWWJ
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-24 17:05:04+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/2948... |
GHSA-FF6Q-3C9C-6CF5
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-14 23:09:10+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/1633... |
GO-2025-3371 WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover in github.com/h44z/wg-portal
WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover in github.com/h44z/wg-portal. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...
GHSA-X629-5XFF-W7QG
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-06 15:38:11+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/172... |
GHSA-PVVW-QRF9-XPMC
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-06 06:40:22+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/153... |
GHSA-FQ22-566F-CFHJ
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-05 03:35:57+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/117... |
LimeSurvey < 6.5.12 XSS Vulnerability
LimeSurvey is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
GHSA-4CX5-89VM-833X
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-30 06:58:11+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/9255... |
Discourse < 3.3.1, 3.4.x < 3.4.0.beta1 DoS Vulnerability
Discourse is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk
A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances. The vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), has been addressed in version 0.1.38. The project maintainers...
GHSA-8V4W-F4R9-7H6X Vulnerable juju hook tool abstract UNIX domain socket
Impact: When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. Patches: Patch:...
Traccar 5.12 Remote Code Execution
class MetasploitModule 'Traccar v5 Remote Code Execution CVE-2024-31214 and CVE-2024-24809', 'Description' = %q Remote Code Execution in Traccar v5.1 - v5.12. Remote code execution can be obtained by combining two vulnerabilities: A path traversal vulnerability CVE-2024-24809 and an unrestricted...
ZoneMinder < 1.36.34 Multiple Vulnerabilities
ZoneMinder is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoneminder:zoneminder"; if...
CVE-2024-41810
| creationtimestamp | type | source |
|---|---|---|
| 2024-07-29 13:48:23+00:00 | published-proof-of-concept | https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2... |