
11190 matches found

The Hacker News
added 2024/03/21 10:30 a.m., 29 views

GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws

GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues. "Powered by GitHub Copilot and CodeQL, code scanning autofi...

7.3 AI score
Exploits 0
NVD
added 2024/03/21 2:51 a.m., 12 views

CVE-2024-1908

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings fo...

6.5 CVSS, 6.3 AI score, 0.0016 EPSS
Exploits 0, References 4
NVD
added 2024/03/21 12:15 a.m., 13 views

CVE-2024-2748

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 a...

4.3 CVSS, 4.8 AI score, 0.00251 EPSS
Exploits 0, References 1
CVE
added 2024/03/20 11:09 p.m., 69 views

CVE-2024-2748

CVE-2024-2748 is a Cross Site Request Forgery vulnerability affecting GitHub Enterprise Server 3.12.0 that could allow an attacker to perform unauthorized actions on behalf of a user. The underlying issue is a CSRF flaw that requires user interaction to exploit. GitHub fixed this in version 3.12....

4.3 CVSS, 4.8 AI score, 0.00251 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2024/03/20 11:09 p.m., 16 views

CVE-2024-2748 CSRF vulnerability was identified in GitHub Enterprise Server that allowed performing actions on behalf of a user

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 a...

4.3 CVSS, 5.1 AI score, 0.00251 EPSS
Exploits 0, References 1
Vulnrichment
added 2024/03/20 11:04 p.m., 12 views

CVE-2024-2443 Improper input validation vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub...

9.1 CVSS, 7.5 AI score, 0.00348 EPSS
Exploits 0, References 5
Cvelist
added 2024/03/20 11:04 p.m., 22 views

CVE-2024-2443 Improper input validation vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub...

9.1 CVSS, 9.7 AI score, 0.00348 EPSS
Exploits 0, References 5
Cvelist
added 2024/03/20 10:56 p.m., 18 views

CVE-2024-2469 Remote Code Execution in GitHub Enterprise Server Allowed Administrators to gain SSH access to the appliance

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported...

8 CVSS, 8.4 AI score, 0.00819 EPSS
Exploits 0, References 5
Circl
added 2024/03/19 3:27 p.m., 15 views

CVE-2024-29138

creationtimestamp | type | source
---|---|---
2024-03-19 15:27:08+00:00 | seen | https://t.me/ctinow/211613
2026-01-06 18:30:18+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-29138.yaml
2026-01-10 21:02:56+00:00 | seen | ...

7.1 CVSS, 8.7 AI score, 0.06906 EPSS
Exploits 0, References 3
OSV
added 2024/03/18 8:39 p.m., 15 views

GHSA-RJ29-J2G4-77Q8 [TagAwareCipher] - Decryption Failure (Regex Match)

Impact Vulnerability in SecureProps involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with NullEncoder and passed to TagAwareCipher, and contains special characters such as \n. As a result, the decryption process is...

2.6 CVSS, 3.4 AI score, 0.00867 EPSS
Exploits 0, References 6
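The SecureProps entry above describes a tag-detection regex that fails once the raw (null-encoded) ciphertext contains a newline. The following is an added example, not SecureProps' code: the cipher is a toy single-byte XOR, the tag names `<ENC>`/`</ENC>` and the function names are assumptions, and the consequence shown (the tagged value passing through undecrypted when the tag is not detected) is the assumed outcome, since the advisory text on this page is cut off before stating it. What it demonstrates is the regex mechanism itself: `.` does not cross `\n` unless the dotall flag is set.

```go
package main

import (
	"fmt"
	"regexp"
)

// Toy stand-ins, not SecureProps' code: the "cipher" is a single-byte XOR and
// the encoder is a NullEncoder, so raw ciphertext bytes are placed directly
// between the tags with no base64 or hex step in between.
const toyKey byte = 0x62

const (
	openTag  = "<ENC>"
	closeTag = "</ENC>"
)

func xorBytes(b []byte) []byte {
	out := make([]byte, len(b))
	for i, c := range b {
		out[i] = c ^ toyKey
	}
	return out
}

// encryptTagged wraps the raw ciphertext in tags. With a null encoder the
// ciphertext can contain any byte, including '\n' and '\r'.
func encryptTagged(plain string) string {
	return openTag + string(xorBytes([]byte(plain))) + closeTag
}

// naiveTag is the failing pattern: in Go, as in PCRE/PHP, '.' does not match
// a newline unless the s (dotall) flag is set, so a tagged value whose
// ciphertext contains '\n' is not recognised as encrypted.
var naiveTag = regexp.MustCompile(`^<ENC>(.*)</ENC>$`)

// dotAllTag is the corrected pattern: (?s) lets '.' cross newlines.
var dotAllTag = regexp.MustCompile(`(?s)^<ENC>(.*)</ENC>$`)

// decryptTagged returns (plaintext, true) when the tag is detected. When it
// is not, the value passes through unchanged and the caller is handed the
// raw tagged ciphertext instead of the secret (assumed consequence).
func decryptTagged(re *regexp.Regexp, value string) (string, bool) {
	m := re.FindStringSubmatch(value)
	if m == nil {
		return value, false
	}
	return string(xorBytes([]byte(m[1]))), true
}

func main() {
	// "hello" XOR 0x62 starts with 0x0A, i.e. the ciphertext contains '\n'.
	tagged := encryptTagged("hello")
	fmt.Printf("ciphertext bytes: %q\n", tagged)
	for name, re := range map[string]*regexp.Regexp{"naive": naiveTag, "dotall": dotAllTag} {
		out, ok := decryptTagged(re, tagged)
		fmt.Printf("%-6s detected=%v value=%q\n", name, ok, out)
	}
}
```

The same failure appears with `$` in multiline mode or with character classes that exclude control bytes; whenever ciphertext is embedded unencoded, the detection pattern has to accept every byte value, or the ciphertext has to be encoded (base64, hex) before tagging.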
Exploit DB
added 2024/03/18 12:00 a.m., 299 views

ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE

import re
import requests
from bs4 import BeautifulSoup
import argparse
import base64
# Exploit Title: Unauthenticated RCE in ZoneMinder Snapshots
# Date: 12 December 2023
# Discovered by : @Unblvr1
# Exploit Author: Ravindu Wickramasinghe @rvizx9
# Vendor Homepage: https://zoneminder.com/
# Software Link:...

9.8 CVSS, 8.6 AI score, 0.55008 EPSS
Exploits 11
Packet Storm
added 2024/03/18 12:00 a.m., 494 views

vm2 3.9.19 Sandbox Escape

/*
Exploit Title: vm2 Sandbox Escape vulnerability
Date: 23/12/2023
Exploit Author: Calil Khalil & Adriel Mc Roberts
Vendor Homepage: https://github.com/patriksimek/vm2
Software Link: https://github.com/patriksimek/vm2
Version: vm2 = 3.9.19
Tested on: Ubuntu 22.04
CVE : CVE-2023-37466
*/
const VM =...

10 CVSS, 7.4 AI score, 0.04929 EPSS
Exploits 4
The Hacker News
added 2024/03/16 12:31 p.m., 34 views

Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer

Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro. The campaign, codenamed gitgub, includes 17 repositories associated with 11 different accounts, according to G DATA. The repositories in...

7 AI score
Exploits 0
Circl
added 2024/03/16 2:07 a.m., 2 views

GHSA-GVPG-VGMX-XG6W

creationtimestamp | type | source
---|---|---
2024-03-16 02:07:13+00:00 | seen | https://t.me/arpsyndicate/4232
2025-07-16 03:54:14+00:00 | seen | https://gist.github.com/safer-bot/f6680196cf1b0aee1c5fa9abea2ce0e1
2025-07-16 04:14:47+00:00 | seen | ...

5.3 AI score
Exploits 0, References 6
CVE
added 2024/03/16 12:00 a.m., 54 views

CVE-2024-24156

CVE-2024-24156: Cross Site Scripting (XSS) in Gnuboard g6 prior to commit 58c737a263ac0c523592fd87ff71b9e3c07d7cf5 allows remote attackers to inject and execute arbitrary web script in a visitor's browser via the wr_content parameter. Affected product: Gnuboard g6 (before the cited commit). Root cause: XSS in wr_content parameter. Impa...

6.1 CVSS, 6.5 AI score, 0.00329 EPSS
Exploits 1, References 1, Affected Software 1
OSV
added 2024/03/15 6:16 p.m., 27 views

GO-2024-2631 Decompression bomb vulnerability in github.com/go-jose/go-jose

An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3 CVSS, 5.5 AI score, 0.04859 EPSS
Exploits 0, References 4
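The go-jose entry above is a decompression bomb: a JWE with `"zip":"DEF"` carries a raw DEFLATE stream that the library inflated without a bound. The block below is an added example and not go-jose's code; it builds the attacker payload from constructed input (a few MiB of zero bytes, which DEFLATE shrinks by roughly three orders of magnitude), inflates it the unbounded way, and then the bounded way that rejects anything over a caller-chosen cap. The function names and the 1 MiB cap are assumptions for the demonstration.

```go
package main

import (
	"bytes"
	"compress/flate"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge is returned when inflated output exceeds the caller's cap.
var ErrTooLarge = errors.New("inflate: decompressed size exceeds limit")

// deflate produces the raw DEFLATE stream (RFC 1951, no zlib header) that a
// JWE producer emits for "zip":"DEF" before encrypting the payload.
func deflate(p []byte) []byte {
	var buf bytes.Buffer
	w, err := flate.NewWriter(&buf, flate.BestCompression)
	if err != nil {
		panic(err)
	}
	if _, err := w.Write(p); err != nil {
		panic(err)
	}
	if err := w.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// makeBomb is the constructed attacker payload: n zero bytes compressed.
func makeBomb(n int) []byte {
	return deflate(bytes.Repeat([]byte{0}, n))
}

// inflateUnbounded is the pre-fix behaviour: whatever the stream expands to
// is allocated and decoded, however small the ciphertext was.
func inflateUnbounded(z []byte) ([]byte, error) {
	r := flate.NewReader(bytes.NewReader(z))
	defer r.Close()
	return io.ReadAll(r)
}

// inflateBounded is the hardened version: read at most limit+1 bytes so an
// oversized stream is detected while never holding more than limit+1 bytes.
func inflateBounded(z []byte, limit int64) ([]byte, error) {
	r := flate.NewReader(bytes.NewReader(z))
	defer r.Close()
	out, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(out)) > limit {
		return nil, ErrTooLarge
	}
	return out, nil
}

func main() {
	bomb := makeBomb(8 << 20) // 8 MiB of zeros
	fmt.Printf("compressed: %d bytes\n", len(bomb))
	out, _ := inflateUnbounded(bomb)
	fmt.Printf("unbounded inflate: %d bytes\n", len(out))
	_, err := inflateBounded(bomb, 1<<20)
	fmt.Printf("bounded inflate (1 MiB cap): %v\n", err)
}
```

Bounding by absolute size is the simplest fix; a ratio cap relative to the compressed input (reject when output exceeds some multiple of `len(z)`) catches the same payloads while allowing legitimately large tokens, and the two can be combined. Whichever bound is used, it has to be enforced while reading, as above, not after `io.ReadAll` has already allocated the full output.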
The Hacker News
added 2024/03/15 11:34 a.m., 41 views

Third-Party ChatGPT Plugins Could Lead to Account Takeovers

Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data. According to new research published by Salt Labs, security flaws found directly in ChatGPT and with...

6.8 AI score
Exploits 0
Veracode
added 2024/03/15 6:13 a.m., 19 views

Improper Privilege Management

github.com/argoproj/argo-cd is vulnerable to Improper Privilege Management. The vulnerability is due to improper checks to prevent users with the create privilege from syncing local manifests. An attacker can exploit this vulnerability to bypass git merge protections by syncing local manifests on...

6.4 CVSS, 6.5 AI score, 0.00024 EPSS
Exploits 0, References 4, Affected Software 1
hivepro
added 2024/03/14 6:15 p.m., 20 views

VCURMS and STRRAT Trojans Using AWS and GitHub as Launchpads

Summary: A sophisticated phishing campaign is targeting personnel, enticing them to click on a seemingly innocuous button to authenticate payment details. However, this action initiates the download of a harmful JAR file from Amazon Web Services (AWS) onto the victim's device. This malicious file...

7.3 AI score
Exploits 0
OSV
added 2024/03/14 5:13 p.m., 25 views

GO-2024-2617 Authentication bypass in github.com/hashicorp/vault

The TLS certificate authentication method incorrectly validates client certificates when configured with a non-CA certificate as a trusted certificate. When configured this way, attackers may be able to craft a certificate that can be used to bypass authentication...

9.8 CVSS, 7.9 AI score, 0.00253 EPSS
Exploits 0, References 2
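The Vault entry above turns on one distinction: a trusted certificate that is a CA anchors chain validation, while a trusted certificate that is not a CA can only ever vouch for itself. The block below is an added example, not Vault's code, and it does not reproduce Vault's bug; it shows a client-certificate check that keeps the two cases apart (chain verification for CA entries, byte-for-byte match for non-CA entries), exercised against a constructed test PKI: a CA, a client cert it issued, a self-signed non-CA client cert that is trusted directly, and an attacker's self-signed cert that copies that client's subject name. The function names and the subject names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ErrUntrusted is returned when no trusted entry vouches for the presented cert.
var ErrUntrusted = errors.New("client certificate not trusted")

var nextSerial int64

// makeCert builds a constructed test certificate. parent == nil yields a
// self-signed cert; otherwise the cert is issued by parent/parentKey.
func makeCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	nextSerial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(nextSerial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	signer := key
	if parent == nil {
		parent = tmpl
	} else {
		signer = parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// verifyClientCert keeps the two kinds of trusted entry apart. A CA entry
// anchors a chain; a non-CA entry must match the presented certificate byte
// for byte and is never used as a chain root, so a certificate that merely
// copies its subject (or is signed by some other key) is rejected.
func verifyClientCert(presented *x509.Certificate, trusted []*x509.Certificate) error {
	for _, t := range trusted {
		if t.BasicConstraintsValid && t.IsCA {
			pool := x509.NewCertPool()
			pool.AddCert(t)
			opts := x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
			if _, err := presented.Verify(opts); err == nil {
				return nil
			}
			continue
		}
		if bytes.Equal(presented.Raw, t.Raw) {
			return nil
		}
	}
	return ErrUntrusted
}

func main() {
	ca, caKey := makeCert("test-ca", true, nil, nil)
	issued, _ := makeCert("alice", false, ca, caKey)
	pinned, _ := makeCert("bob", false, nil, nil) // trusted directly, not a CA
	forged, _ := makeCert("bob", false, nil, nil) // attacker's cert with the same CN
	fmt.Println("issued vs CA:    ", verifyClientCert(issued, []*x509.Certificate{ca}))
	fmt.Println("pinned vs pinned:", verifyClientCert(pinned, []*x509.Certificate{pinned}))
	fmt.Println("forged vs pinned:", verifyClientCert(forged, []*x509.Certificate{pinned}))
}
```

The practical check for an operator is the configuration side: if the `certificate` field of a cert-auth role holds a leaf rather than a CA, expect that role to admit exactly one certificate, and treat any login by a different certificate under that role as a finding. Comparing `Raw` (the full DER) rather than subject, fingerprint of a subset, or public key alone is what makes that expectation hold.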