CVE-2026-3143

creationtimestamp| type| source ---|---|--- 2026-04-30 23:00:04+00:00| seen| https://t.me/GithubRedTeam/82241 2026-04-30 23:00:10+00:00| seen| Telegram/P45NJHmymloXtZIQDhqedqgrJijkJmCthR1UJzeSteIHM 2026-05-07 20:00:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/83256 2026-05-08...

GHSA-V4P8-MG3P-G94G vulnerabilities

Vulnerabilities for packages: litellm...

GHSA-XQMJ-J6MV-4862 vulnerabilities

Vulnerabilities for packages: litellm...

CVE-2026-42594

creationtimestamp| type| source ---|---|--- 2026-04-30 18:32:12+00:00| published-proof-of-concept| https://github.com/gotenberg/gotenberg/security/advisories/GHSA-r33j-c622-r6qp...

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, OX Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2...

The (In)security Landscape of AI-Powered GitHub Actions (Part 2/2)

When AI meets CI/CD: permission bypasses, prompt injection, and what to do about it...

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center TRC in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating...

CVE-2026-37572

creationtimestamp| type| source ---|---|--- 2026-04-30 08:49:10+00:00| seen| https://gist.github.com/sgInnora/5aa1682c359a4f4ced53fc2408936e82...

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -- that could have allowed attackers to execute arbitrary commands on host systems. "The vulnerability allowed an...

com.base2services.jenkins:github-sqs-plugin (>=1.0 <=1.5), com.elasticbox.jenkins-ci.plugins:elasticbox (>=4.0.9 <=4.1.6) +27 more potentially affected by CVE-2026-42523 via com.coravy.hudson.plugins.github:github (>=1.10 <=1.45.0)

com.coravy.hudson.plugins.github:github MAVEN version =1.10, =1.0, =4.0.9, =1.0-alpha-1, =1.27.17, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0-alpha-8, =1.0-alpha-4, =0.1-preview-4, =1.0-alpha-1, =634.v371dc6d978a3, =1.83.v5bff0e55cd2d, =1.3.0, =1.4.3 and more Source cves: CVE-2026-42523...

Cross-site Scripting (XSS)

Overview com.coravy.hudson.plugins.github:github is a Jenkins GitHub plugin Affected versions of this package are vulnerable to Cross-site Scripting XSS via JavaScript validation logic for the “GitHub hook trigger for GITScm polling” feature. An attacker can execute arbitrary JavaScript code by...

Missing Authorization

Overview org.jenkins-ci.plugins:github-branch-source is a multibranch projects and organization folders from GitHub. Maintained by CloudBees, Inc. Affected versions of this package are vulnerable to Missing Authorization in the GitHubAppCredentials descriptor through the testConnection handler. A...

Microsoft Open Management Infrastructure - Remote Code Execution

Microsoft Open Management Infrastructure is susceptible to remote code execution OMIGOD. id: CVE-2021-38647 info: name: Microsoft Open Management Infrastructure - Remote Code Execution author: daffainfo,xstp severity: critical description: Microsoft Open Management Infrastructure is susceptible t...

GHSA-GH4J-GQV2-49F6 vulnerabilities

Vulnerabilities for packages: prism, langfuse, kubeflow-pipelines, tileserver-gl, opensearch-dashboards, saf, renovate...

CVE-2026-44425

creationtimestamp| type| source ---|---|--- 2026-04-29 23:48:30+00:00| published-proof-of-concept| https://github.com/shellhub-io/shellhub/security/advisories/GHSA-47r2-v3x6-wff9...

MAL-2026-3193 Malicious code in rblx-http (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b0078ee9b9f6221ab242c9f2442f86670e320a5058c306590b5e5b458066e414 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido Security, Onapsis, OX Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign – calli...

io.jenkins.blueocean:blueocean (>=1.27.17 <=1.27.25), io.jenkins.blueocean:blueocean-bitbucket-pipeline (>=1.27.17 <=1.27.25) +9 more potentially affected by CVE-2026-42522 via org.jenkins-ci.plugins:github-branch-source (>=1793.v1831e9c68d77 <=1967.vdea_d580c1a_b_a_)

org.jenkins-ci.plugins:github-branch-source MAVEN version =1793.v1831e9c68d77, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =634.v371dc6d978a3, =1.83.v5bff0e55cd2d, =4.204.vf74143795d5f, =611.v70d151e60ec4, =685.v53b070455063 Source cves: CVE-2026-42522 Source advisory:...

GHSA-W22P-4X9F-486V Jenkins GitHub Plugin has an XSS vulnerability

In Jenkins GitHub Plugin versions 1.46.0 and earlier, the JavaScript that validates the "GitHub hook trigger for GITScm polling" feature improperly processes the current job URL. This results in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with Overall/Re...

Jenkins GitHub Plugin has an XSS vulnerability

In Jenkins GitHub Plugin versions 1.46.0 and earlier, the JavaScript that validates the "GitHub hook trigger for GITScm polling" feature improperly processes the current job URL. This results in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with Overall/Re...