GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...

OneUptime 安全漏洞

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.19 contain security vulnerabilities. These vulnerabilities stem from GitHub App callbacks that allow attackers to control parameters...

Microsoft GitHub Repo: Zero Shot scFoundation 安全漏洞

Microsoft GitHub Repo: Zero Shot scFoundation is a biological information research code base owned by Microsoft Corporation. There are security vulnerabilities present in Microsoft GitHub Repo: Zero Shot scFoundation. Attackers can exploit these vulnerabilities to execute code remotely...

KLA90920 Multiple vulnerabilities in Microsoft Open Source Software

Multiple vulnerabilities were found in Microsoft Open Source Software. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerabilitycan be exploited remotely to execu...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Vulnerabilities exist in versions 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.20 of GitHub Enterprise Server, there was a security...

PT-2026-24264

Name of the Vulnerable Software and Affected Versions zero-shot-scfoundation affected versions not specified Description A dependency on a vulnerable third-party component within the zero-shot-scfoundation GitHub repository enables an unauthorized attacker to execute code over a network...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.20 of GitHub Enterprise Server, there were security...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. There is a security vulnerability in GitHub Enterprise Server, which stems from...

CVE-2026-29176

creationtimestamp| type| source ---|---|--- 2026-03-09 23:05:43+00:00| published-proof-of-concept| https://github.com/craftcms/commerce/security/advisories/GHSA-wj89-2385-gpx3...

CVE-2026-29174

creationtimestamp| type| source ---|---|--- 2026-03-09 22:58:48+00:00| published-proof-of-concept| https://github.com/craftcms/commerce/security/advisories/GHSA-pmgj-gmm4-jh6j...

CVE-2026-30920

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the...

CVE-2026-30920 OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the...

CVE-2026-30920 OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the...

CVE-2026-30920

OneUptime prior to version 10.0.19 has broken access control in the GitHub App installation flow. The GitHub App callback trusts attacker-controlled state and installation_id values, and writes the provided installation_id into Project.gitHubAppInstallationId with root privileges without validati...

CVE-2026-30920 OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the...

EUVD-2026-10433

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the...

Missing Authorization

Overview @oneuptime/common is a The OneUptime Common UI Library is a collection of shared components, utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected...

OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

Summary OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the target project. This allows an attacker to overwrite another project's GitHub A...

EUVD-2026-10432

OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding...