GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. There are security vulnerabilities in versions of GitHub Enterprise Server prior ...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.20 of GitHub Enterprise Server, there was a security...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.19 of GitHub Enterprise Server, there was a security...
PT-2026-20504
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enable auto merge mutation for pull requests. This issue only...
PT-2026-20495
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.19; GitHub Enterprise Server versions 3.19.2; GitHub Enterprise Server versions 3.18.4; GitHub Enterprise Server versions 3.17.10; GitHub Enterprise Server versions 3.16.13; GitHub Enterprise Server...
PT-2026-20503
A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...
CVE-2026-28448
creationtimestamp | type | source
---|---|---
2026-02-17 21:37:55+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-33rq-m5x2-fvgf...
CVE-2026-28467
creationtimestamp | type | source
---|---|---
2026-02-17 21:30:48+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-wfp2-v9c7-fh79...
GO-2026-4436 EVE Has Partially Predetermined Vault Key in github.com/lf-edge/eve
EVE Has Partially Predetermined Vault Key in github.com/lf-edge/eve...
GO-2026-4474 File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL in github.com/filebrowser/filebrowser
File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL in github.com/filebrowser/filebrowser...
GO-2026-4467 Mattermost Server has Improper Authorization for Integration Requests in github.com/mattermost/mattermost-server
Mattermost Server has Improper Authorization for Integration Requests in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
GO-2026-4444 OpenCloud Reva has a Public Link Exploit in github.com/opencloud-eu/reva
OpenCloud Reva has a Public Link Exploit in github.com/opencloud-eu/reva...
GO-2026-4493 Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC in github.com/yokecd/yoke
Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC in github.com/yokecd/yoke...
GO-2026-4491 Unauthenticated Admission Webhook Endpoints in Yoke ATC in github.com/yokecd/yoke
Unauthenticated Admission Webhook Endpoints in Yoke ATC in github.com/yokecd/yoke...
Authorization Bypass Through User-Controlled Key
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the sessionKey parameter in the POST /hooks/agent endpoint. An attacker can inject messages or prompts into arbitrary sessions by...
SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol (MCP) server associated with Oura Health to deliver an information stealer known as StealC. "The threat actors cloned a legitimate Oura MCP Serv...
poc-test-vulnerability
poc-test-vulnerab...
CVE-2026-26992
creationtimestamp | type | source
---|---|---
2026-02-17 00:35:22+00:00 | published-proof-of-concept | https://github.com/librenms/librenms/security/advisories/GHSA-93fx-g747-695x...
GHSA-W487-9R9P-6P96 vulnerabilities
Vulnerabilities for packages: gitlab-pages-fips, gitlab-rails-ce-fips, gitlab-runner-fips, gitlab-runner...
CVE-2025-70948
creationtimestamp | type | source
---|---|---
2026-02-15 12:47:42+00:00 | seen | https://gist.github.com/0xHunterr/38aab644874ca9f4646524c5b01cfe5e
2026-03-05 21:52:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgdrtj6ysh2y
2026-03-07 15:39:54+00:00 | seen | ...