29379 matches found
CVE-2026-8034
A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...
CVE-2026-8034 Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion
A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...
CVE-2026-8034
CVE-2026-8034 is a server-side request forgery (SSRF) vulnerability in the GitHub Enterprise Server notebook viewer. The issue stems from URL parser confusion between the validation layer and the HTTP request library, where hostname validation uses a different parser than the request library, all...
CVE-2026-8034 Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion
A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...
CVE-2026-7541
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodie...
CVE-2026-7541 Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via unauthenticated API endpoint
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodie...
CVE-2026-7541 Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via unauthenticated API endpoint
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodie...
CVE-2026-7541
CVE-2026-7541 is a denial-of-service vulnerability in GitHub Enterprise Server. An unauthenticated attacker could trigger service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON bodies without siz...
CVE-2026-6736
An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...
CVE-2026-6736
CVE-2026-6736 describes an authentication bypass in GitHub Enterprise Server (GHES) : when external authentication is enabled, the signup endpoint could create a local user account and establish a session without validating the external identity provider. This unauthenticated access required netw...
CVE-2026-6736 Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user accounts bypassing the configured external identity provider
An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...
CVE-2026-6736 Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user accounts bypassing the configured external identity provider
An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...
GHSA-F89H-2FJH-2R9Q vulnerabilities
Vulnerabilities for packages: starship, cargo-audit...
CVE-2026-44724
creationtimestamp| type| source ---|---|--- 2026-05-07 19:37:55+00:00| published-proof-of-concept| https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9 2026-05-28 05:01:13+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmvaizrzqz26...
Exploit for CVE-2026-44590
CVE-2026-44590 - sherlock-project/sherlock CI - RCE via pullr...
CVE-2026-44681
creationtimestamp| type| source ---|---|--- 2026-05-07 18:33:35+00:00| published-proof-of-concept| https://github.com/authlib/authlib/security/advisories/GHSA-r95x-qfjj-fjj2...
CVE-2026-38361
creationtimestamp| type| source ---|---|--- 2026-05-07 15:00:05+00:00| seen| https://t.me/GithubRedTeam/83224 2026-05-07 23:00:14+00:00| seen| Telegram/oaX1QMYGY6U2VLr3GbuHtJDEm63hpjXfJZtZ3v8CfS2o2Y 2026-05-08 03:00:06+00:00| seen| Telegram/xvoYgOFnUf5jFw65bW2FC7fcn6orx4l4LTjm0d68ZkOEzo 2026-05-0...
CVE-2026-45088
creationtimestamp| type| source ---|---|--- 2026-05-07 13:30:22+00:00| published-proof-of-concept| https://github.com/hahwul/dalfox/security/advisories/GHSA-35wr-x7v6-9fv2...
CVE-2026-45090
creationtimestamp| type| source ---|---|--- 2026-05-07 13:30:22+00:00| published-proof-of-concept| https://github.com/hahwul/dalfox/security/advisories/GHSA-2g4x-fq3j-cgq4...
CVE-2026-34847
creationtimestamp| type| source ---|---|--- 2026-05-07 11:30:53+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-34847.yaml...