29376 matches found
CVE-2026-45152
creationtimestamp| type| source ---|---|--- 2026-05-08 05:58:32+00:00| published-proof-of-concept| https://github.com/uniget-org/cli/security/advisories/GHSA-qqq4-5773-pmw5 2026-05-27 23:01:08+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmumf5pusa2l 2026-05-27...
GHSA-RMX9-2PP3-XHCR vulnerabilities
Vulnerabilities for packages: tkn, tekton-pipelines, tekton-chains...
GHSA-38F8-5428-X5CV vulnerabilities
Vulnerabilities for packages: nuxeo, wazuh-indexer, apache-activemq-artemis, thingsboard, neo4j, strimzi-kafka-operator, apache-nifi, druid, apicurio-registry, docker-selenium, management-api-for-apache-cassandra-5.0, keycloak, spark, seata, localstack, apache-pulsar,...
EUVD-2026-28465
A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...
EUVD-2026-28461
An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...
EUVD-2026-28464
A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...
EUVD-2026-28462
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodie...
PT-2026-39212
Name of the Vulnerable Software and Affected Versions Postiz versions prior to commit da44801 Description A Pwn Request issue in the Build and Publish PR Docker Image workflow located in '.github/workflows/pr-docker-build.yml' allows unauthenticated users to execute arbitrary code during the Dock...
CVE-2026-8034
A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...
CVE-2026-8106
A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...
CVE-2026-7541
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodie...
CVE-2026-6736
An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...
CVE-2026-8106
CVE-2026-8106 describes a reflected HTML injection in the GitHub Enterprise Server Management Console login page. The vulnerability lies in the redirect_to query parameter on the /setup/unlock endpoint, which is reflected into an HTML attribute without proper sanitization. An attacker could entic...
CVE-2026-8106
A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...
CVE-2026-8106 Reflected HTML injection vulnerability in GitHub Enterprise Server Management Console login page allowed credential theft
A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...
CVE-2026-8106 Reflected HTML injection vulnerability in GitHub Enterprise Server Management Console login page allowed credential theft
A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...
CVE-2026-8034
A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...
CVE-2026-8034 Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion
A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...
CVE-2026-8034
CVE-2026-8034 is a server-side request forgery (SSRF) vulnerability in the GitHub Enterprise Server notebook viewer. The issue stems from URL parser confusion between the validation layer and the HTTP request library, where hostname validation uses a different parser than the request library, all...
CVE-2026-8034 Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion
A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...