93 matches found
CVE-2026-48925
A cross-site request forgery CSRF vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request...
CVE-2026-48925
A cross-site request forgery CSRF vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request...
CVE-2026-48925
A cross-site request forgery CSRF vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request...
CVE-2026-48925
CVE-2026-48925 is a CSRF vulnerability in the Jenkins GitHub Integration Plugin, affected
CVE-2026-48925
A cross-site request forgery CSRF vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request...
Jenkins GitHub Integration Plugin 安全漏洞
The Jenkins GitHub Integration Plugin is an open-source integration plugin for Jenkins. Versions of the Jenkins GitHub Integration Plugin prior to 0.7.3 have security vulnerabilities; these vulnerabilities stem from cross-site request forgery attacks, which could allow attackers to trigger build...
CVE-2026-3515
A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...
CVE-2026-3515 Argument Injection in prefecthq/prefect
A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...
CVE-2026-3515
A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...
CVE-2026-3515 Argument Injection in prefecthq/prefect
A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...
EUVD-2026-31563
A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...
PT-2026-42909
A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...
CVE-2026-28735 GitHub OAuth Scope Validation
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL...
CVE-2026-28735
Mattermost versions 10.11.x up to 10.11.14, 11.4.x up to 11.4.4, 11.5.x up to 11.5.3, and 11.6.x up to 11.6.0 fail to validate the OAuth token scope on the callback, enabling an authenticated Mattermost user to gain access to private repositories by modifying the scope parameter in the GitHub aut...
MAL-2026-4699 Malicious code in utils-mf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d338ea2a5c454a5a0352e6fb29bd940027bc4b8c349649f6356c4fc4f396272 Package metadata advertises 'utility mf' with main 'index.js', but the shipped main is a 15.7MB obfuscator.io-style blob preceded by 8MB of...
MAL-2026-4141 Malicious code in jest-random-mock (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
CVE-2026-42523
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with...
📄 WordPress Cibeles AI 1.10.8 Shell Upload
An unauthenticated arbitrary file upload vulnerability exists in the Cibeles AI plugin for WordPress versions 1.10.8 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by exploiting the GitHub integration functionality, leading to...
📄 WordPress AI Bud 1.8.5 Shell Upload
WordPress AI Bud plugin version 1.8.5 suffers from an unauthenticated shell upload vulnerability. The vulnerability exists in the actualizadorgit.php file which provides unauthenticated access to download and execute files from arbitrary GitHub repositories without proper security controls...
📄 WordPress AI Feeds 1.0.11 Shell Upload
Proof of concept exploit for an unauthenticated arbitrary file upload vulnerability in the AI Feeds plugin for WordPress versions 1.0.11 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by exploiting the GitHub integration...