29552 matches found
Exploit for CVE-2024-9999
ExploitRank - Exploit Intelligence Engine EIE v1.0.0 !Pyt...
GHSA-7777-FHQ9-592V
creationtimestamp| type| source ---|---|--- 2026-02-28 00:40:10+00:00| seen| https://gist.github.com/alon710/cc79fb84eb7e27eda5e00b377415b26c...
GHSA-QVMX-RQMX-PVFG vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2002-1614
creationtimestamp| type| source ---|---|--- 2026-02-27 07:25:02+00:00| seen| https://gist.github.com/ghh-jb/61f35d015c4e180bbddcf324be113e26...
GHSA-42CR-W2GR-M54Q
creationtimestamp| type| source ---|---|--- 2026-02-27 06:10:18+00:00| seen| https://gist.github.com/alon710/87a9eaadd5362fd30512683dd9901643...
CVE-2026-27938
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...
GHSA-PHWV-C562-GVMH
creationtimestamp| type| source ---|---|--- 2026-02-27 04:10:19+00:00| seen| https://gist.github.com/alon710/bd389c3761f00f62851a6d5cd2e46410...
GO-2026-4560 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users in github.com/fleetdm/fleet
Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users in github.com/fleetdm/fleet...
GO-2026-4558 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API in github.com/axllent/mailpit
Mailpit is Vulnerable to Server-Side Request Forgery SSRF via Link Check API in github.com/axllent/mailpit...
GO-2026-4563 Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint in github.com/fleetdm/fleet
Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint in github.com/fleetdm/fleet...
[SECURITY] Fedora 43 Update: gh-2.87.0-2.fc43
A command-line interface to GitHub for use in your terminal or your scripts. gh is a tool designed to enhance your workflow when working with GitHub. It provides a seamless way to interact with GitHub repositories and perform vari ous actions right from the command line, eliminating the need to...
GHSA-GJ6X-Q8RH-WJ6X
creationtimestamp| type| source ---|---|--- 2026-02-27 00:10:19+00:00| seen| https://gist.github.com/alon710/8f17f9c15768fb9e715dace4af33516b...
CVE-2026-27701
LiveCode is an open-source, client-side code playground. Prior to commit e151c64c2bd80d2d53ac1333f1df9429fe6a1a11, LiveCode's i18n-update-pull GitHub Actions workflow is vulnerable to JavaScript injection. The title of the Pull Request associated with the triggering issue comment is interpolated...
CVE-2026-27638
creationtimestamp| type| source ---|---|--- 2026-02-26 22:04:01+00:00| published-proof-of-concept| https://github.com/actualbudget/actual/security/advisories/GHSA-qmjj-p7m9-wjrv...
User Impersonation
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to User Impersonation via the GitHub Webhook Trigger component. An attacker can trigger unauthorized workflow executions by sending unsigned POST requests to the webhook endpoint, thereby injecting...
n8n: Webhook Forgery on Github Webhook Trigger
Impact An attacker who knows the webhook URL of a workflow using the GitHub Webhook Trigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node did not implement the HMAC-SHA256 signature verification that GitHub provides to authenticate webhook deliverie...
GHSA-WXX7-MCGF-J869
creationtimestamp| type| source ---|---|--- 2026-02-26 07:10:19+00:00| seen| https://gist.github.com/alon710/701a60f9f2d4887df5a419fe55913115 2026-02-26 18:09:12+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/n8n-security-advisory-av26-176 2026-02-27 03:31:16+00:00| seen|...
CVE-2026-27941
OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...
CVE-2026-27938
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...
GHSA-XH43-G2FQ-WJRJ
creationtimestamp| type| source ---|---|--- 2026-02-26 02:10:19+00:00| seen| https://gist.github.com/alon710/1371fd3ef3a3abfae5e6b307e565141d...