CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

791 matches found

NVD•added 2025/11/10 11:15 p.m.•2 views

CVE-2025-11892

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege escalation and unauthorized workflow triggers. Successful exploitation requires an attacker to have...

9.6CVSS0.00052EPSS

Exploits0References5

OSV•added 2025/11/10 11:15 p.m.•0 views

CVE-2025-11578

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...

7.2CVSS5.9AI score

Exploits0References5

NVD•added 2025/11/10 11:15 p.m.•1 views

CVE-2025-11578

7.5CVSS0.0008EPSS

Exploits0References5

OSV•added 2025/11/10 11:15 p.m.•2 views

CVE-2025-11892

9.6CVSS5.7AI score0.00052EPSS

Exploits0References5

CVE•added 2025/11/10 10:44 p.m.•7 views

CVE-2025-11578

CVE-2025-11578 is a privilege-escalation vulnerability in GitHub Enterprise Server. An authenticated Enterprise admin could abuse a symlink escape in pre-receive hook environments to replace system binaries during hook cleanup and inject their SSH key into root’s authorized_keys, enabling root SS...

7.5CVSS6.9AI score0.0008EPSS

Exploits0References5Affected Software1

Cvelist•added 2025/11/10 10:44 p.m.•6 views

CVE-2025-11578 Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation

7.5CVSS0.0008EPSS

Exploits0References5

Vulnrichment•added 2025/11/10 10:44 p.m.•2 views

CVE-2025-11578 Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation

7.5CVSS6.9AI score0.0008EPSS

Exploits0References5

Vulnrichment•added 2025/11/10 10:43 p.m.•4 views

CVE-2025-11892 DOM-based Cross-Site Scripting was identified in GitHub Enterprise Server Issues search allows privilege escalation and unauthorized workflow triggers

8.6CVSS5.9AI score0.00052EPSS

Exploits0References5

Cvelist•added 2025/11/10 10:43 p.m.•7 views

CVE-2025-11892 DOM-based Cross-Site Scripting was identified in GitHub Enterprise Server Issues search allows privilege escalation and unauthorized workflow triggers

8.6CVSS0.00052EPSS

Exploits0References5

Positive Technologies•added 2025/11/10 12:0 a.m.•5 views

PT-2025-46217

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.19 GitHub Enterprise Server versions 3.14.19 GitHub Enterprise Server versions 3.15.14 GitHub Enterprise Server versions 3.16.10 GitHub Enterprise Server versions 3.17.7 GitHub Enterprise Server...

7.5CVSS6.8AI score0.0008EPSS

Exploits0References8

CNNVD•added 2025/11/10 12:0 a.m.•4 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability in GitHub Enterprise Server versions prior t...

9.6CVSS6.1AI score0.00052EPSS

Exploits0References6

CNNVD•added 2025/11/10 12:0 a.m.•2 views

GitHub Enterprise Server 安全漏洞

7.5CVSS6.5AI score0.0008EPSS

Exploits0References11

Positive Technologies•added 2025/11/10 12:0 a.m.•4 views

PT-2025-46218

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.18.1 GitHub Enterprise Server versions prior to 3.17.7 GitHub Enterprise Server versions prior to 3.16.10 GitHub Enterprise Server versions prior to 3.15.14 GitHub Enterprise Server versions prior t...

8.6CVSS6.1AI score0.00052EPSS

Exploits0References10