33 matches found

Positive Technologies
added 2026/05/20 12:0 a.m. · 7 views

PT-2026-42369

Nuclei: Local File Read via require Module Loader Bypass in github.com/projectdiscovery/nuclei...

CVSS 5.5 · AI score 5.8 · EPSS 0.00012
Exploits: 0 · References: 5

OSV
added 2026/04/20 8:25 a.m. · 2 views

MAL-2026-2946 Malicious code in moonbit-metrics-validator (PyPI)

Source: kam193 e6bb44c25db578131ec69b1c961c22f67cabb0b81aae5fe9d4620194bf8d83cc. Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...

AI score 5.9
Exploits: 0 · References: 3

CVE
added 2025/11/19 12:0 a.m. · 4 views

CVE-2025-63878

The CVE-2025-63878 entry concerns Github Restaurant Website Restoran v1.0 with a SQL injection vulnerability exposed through the Contact Form page. The connected documents reiterate the same description and provide no concrete technical specifics beyond the vulnerability class (SQLi) and page vec...

CVSS 6.5 · AI score 8 · EPSS 0.00037
Exploits: 1 · References: 2 · Affected Software: 1

EUVD
added 2025/11/07 5:32 a.m. · 0 views

EUVD-2025-8630

archives is a Go library for extracting archives (tar, zip, etc.). Version 1.0.0 does not prevent a malicious user from feeding a specially crafted archive to the library, causing RCE, modification of files or other malignancies in the context of whatever the user is running this library as, through the...

CVSS 6 · AI score 6.4 · EPSS 0.00102
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/22 4:16 p.m. · 6 views

CVE-2020-13326

A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for Github project import could be bypassed...

CVSS 4.3 · AI score 6.4 · EPSS 0.00077
Exploits: 0

Richard Bejtlich's blog
added 2025/03/25 8:26 p.m. · 13 views

Creating a Windows Application Using Visual Studio Code, Cline, OpenRouter, and Claude

I just created a Windows 10/11 application that takes square screen captures. I did zero coding myself but used Visual Studio Code, Cline, OpenRouter, and Claude. I got the idea by watching a video on so-called Vibe programming by a YouTuber named Memory. I have zero Windows programming experienc...

AI score 7.2
Exploits: 0

Veracode
added 2025/03/12 8:14 a.m. · 2 views

Double-signing Attack

github.com/strangelove-ventures/horcrux is vulnerable to a double-signing attack. The vulnerability is due to a race condition in signature state handling when two independent events occur within the same microsecond, allowing unintended duplicate signatures and leading to unintended...

AI score 6.9
Exploits: 0

OSV
added 2024/09/10 3:53 p.m. · 10 views

GHSA-78VG-7V27-HJ67 auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped

Summary: Unescaped entity property enables JavaScript injection. Details: I think this is possible because %sourcelabel% in twig macro is not escaped. Therefore script tags can be inserted and are executed. PoC: - clone example project https://github.com/DamienHarper/auditor-bundle-demo - create...

CVSS 8.2 · AI score 7 · EPSS 0.00357
Exploits: 0 · References: 5

OSV
added 2024/08/21 2:30 p.m. · 10 views

GO-2022-0372 Subdomain Takeover in Interactsh server in github.com/projectdiscovery/interactsh

Subdomain Takeover in Interactsh server in github.com/projectdiscovery/interactsh...

CVSS 8.2 · AI score 6.9 · EPSS 0.01091
Exploits: 0 · References: 5

Prion
added 2023/10/25 6:17 p.m. · 17 views

Cross site scripting

Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 4.9 · AI score 5.3 · EPSS 0.0432
Exploits: 0 · References: 2 · Affected Software: 1

PyPA
added 2023/01/26 10:15 p.m. · 5 views

PYSEC-2023-30

Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4...

CVSS 7.1 · AI score 6 · EPSS 0.00213
Exploits: 1 · References: 4 · Affected Software: 1

Circl
added 2022/07/26 4:30 a.m. · 9 views

CVE-2021-40149

creationtimestamp | type | source
---|---|---
2022-07-26 04:30:44+00:00 | seen | https://t.me/cibsecurity/46408
2023-04-27 09:58:59+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-40149.yaml...

CVSS 5.9 · AI score 6.9 · EPSS 0.62947
Exploits: 4 · References: 2

ATTACKERKB
added 2022/07/11 1:15 a.m. · 2 views

CVE-2022-31547

The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

CVSS 9.3 · AI score 5.3 · EPSS 0.00432
Exploits: 1 · References: 2

OSV
added 2022/07/11 1:15 a.m. · 0 views

CVE-2022-31547

The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

CVSS 9.3 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2022/07/11 1:15 a.m. · 1 view

CVE-2022-31518

The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

CVSS 9.3 · AI score 7.3 · EPSS 0.00432
Exploits: 1 · References: 1

Cvelist
added 2022/01/18 4:52 p.m. · 16 views

CVE-2022-0154

An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack that allows a malicious user to have their...

CVSS 7.5 · AI score 7.9 · EPSS 0.00134
Exploits: 0 · References: 3

Positive Technologies
added 2022/01/18 12:0 a.m. · 1 view

PT-2022-12999 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 7.7 through 14.4.4; GitLab versions 14.5.0 through 14.5.2; GitLab versions 14.6.0 through 14.6.1. Description: The issue allows a malicious user to perform a Cross-Site Request Forgery attack, enabling them to import their GitHub...

CVSS 8 · AI score 7.6 · EPSS 0.00134
Exploits: 0 · References: 10

CNNVD
added 2022/01/13 12:0 a.m. · 2 views

GitLab Cross-Site Request Forgery Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A cross-site request forgery vulnerability exists in GitLab, which stems from ...

CVSS 8 · AI score 7.5 · EPSS 0.00134
Exploits: 0 · References: 6

Circl
added 2021/10/01 8:15 p.m. · 4 views

CVE-2021-40969

creationtimestamp | type | source
---|---|---
2021-10-01 20:15:40+00:00 | seen | https://t.me/cibsecurity/29826
2023-06-05 12:33:16+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-40969.yaml...

CVSS 6.1 · AI score 6 · EPSS 0.01286
Exploits: 1 · References: 2

GithubExploit
added 2021/09/28 7:59 a.m. · 126 views

Exploit for SQL Injection in Online_Food_Ordering_Web_App_Project Online_Food_Ordering_Web_App

CVE-2021-41647 CVE-2021-41647 SQL Injection in Online-Food-Or...

CVSS 9.1 · AI score 9.6 · EPSS 0.00733
Exploits: 4