11172 matches found
Gogs <0.12.6 - Remote Command Execution
Gogs before 0.12.6 is susceptible to remote command execution via repository file upload in the GitHub repository gogs/gogs. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without supplying the necessary credentials. id...
CopyParty v1.8.6 - Cross Site Scripting
Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) attack. A vulnerability in the web interface of the application could allow an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link...
Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery
Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins. id: CVE-2018-1000600...
Mongo-Express - Remote Code Execution
Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user-supplied JavaScript. Unfortunately, safer-eval's sandboxing is easily bypassed, leading to remote code execution in the context of the Node server. id: CVE-2020-24391 info: nam...
EUVD-2026-31781
A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross-site scripting. It is possible ...
Joomla! Component PrayerCenter 3.0.2 - SQL Injection
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. id: CVE-2018-7314 info: name: Joomla! Component PrayerCenter 3.0.2 - SQL Injection author: DhiyaneshDK severity: critical description: | SQL Injection...
MAL-2026-3994 Malicious code in @antv/g6-plugins (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3934 Malicious code in @antv/g-plugin-box2d (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
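Checking an installed tree for the install-time hook both advisories above describe, as an added example (not code from the advisories, from OSV, or from the affected packages): it walks node_modules for package.json files, reports every package that declares a preinstall/install/postinstall/prepare script, and marks the ones whose command invokes bun, fetches from the network, or evaluates inline or encoded code. The sample manifests, including the @antv/g6-plugins entry and its "bun ./setup_bun.js" command, are constructed stand-ins; the real published versions are not reproduced here.

```python
"""Flag npm packages that run code at install time (preinstall and friends)."""
from __future__ import annotations

import json
import re
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# Lifecycle scripts npm executes automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Command fragments that move a hook from "unusual" to "review now". The bun
# pattern mirrors the campaign described above (a preinstall hook handing a
# large obfuscated file to the Bun runtime); the rest are general indicators.
HIGH_RISK = {
    "bun runtime": re.compile(r"(^|[\s;&|(])bunx?\b"),
    "remote fetch": re.compile(r"\b(curl|wget)\b"),
    "inline node": re.compile(r"\bnode\s+(-e|--eval)\b"),
    "encoded/eval payload": re.compile(r"\b(base64|atob|eval)\b"),
}


@dataclass
class Finding:
    package: str
    version: str
    hook: str
    command: str
    indicators: list[str] = field(default_factory=list)


def audit_manifest(manifest: dict) -> list[Finding]:
    """Return one Finding per install-time hook declared in a package.json."""
    scripts = manifest.get("scripts") or {}
    findings = []
    for hook in INSTALL_HOOKS:
        command = scripts.get(hook)
        if not command:
            continue
        indicators = [label for label, pat in HIGH_RISK.items() if pat.search(command)]
        findings.append(Finding(manifest.get("name", "?"), manifest.get("version", "?"),
                                hook, command, indicators))
    return findings


def audit_node_modules(root: Path) -> list[Finding]:
    """Walk an installed tree (scoped packages included) and audit every manifest."""
    findings = []
    for manifest_path in sorted(root.rglob("package.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or not JSON: not a package manifest
        if isinstance(manifest, dict):
            findings.extend(audit_manifest(manifest))
    return findings


# Constructed sample manifests (stand-ins; the hook command is assumed, not the
# real published package content).
SAMPLE_TREE = {
    "@antv/g6-plugins": {"name": "@antv/g6-plugins", "version": "1.0.0",
                         "scripts": {"preinstall": "bun ./setup_bun.js"}},
    "left-pad": {"name": "left-pad", "version": "1.3.0"},
    "some-native-addon": {"name": "some-native-addon", "version": "2.1.0",
                          "scripts": {"postinstall": "node-gyp rebuild"}},
}


def demo() -> list[Finding]:
    """Write the sample tree to a temp dir, audit it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "node_modules"
        for name, manifest in SAMPLE_TREE.items():
            pkg_dir = root / name  # "@scope/name" becomes a nested directory
            pkg_dir.mkdir(parents=True)
            (pkg_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_node_modules(root)


if __name__ == "__main__":
    for f in demo():
        tag = "HIGH" if f.indicators else "review"
        print(f"[{tag}] {f.package}@{f.version} {f.hook}: {f.command} {f.indicators}")
```

Run it against a real checkout by calling audit_node_modules(Path("node_modules")); a cleaner control is `npm ci --ignore-scripts` followed by this audit, so no hook runs before it has been looked at.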
Context-Aware Entity-Relation Extraction for Threat Intelligence Knowledge Graphs
Cybersecurity Knowledge Graphs (CKGs) unify diverse Cyber Threat Intelligence (CTI) sources into structured, queryable formats, offering scalable solutions for automating proactive and real-time security responses. Their increasing adoption has significantly enhanced the workflow and decision-making...
MAL-2026-3702 Malicious code in async-http-tools (PyPI)
Source: kam193 85e8a68bad6595a817f1dabed757662e2a04cfec7b45a86d9bfd61a7a78d14d1. During installation, the package exfiltrates some basic info to a GitHub issue comment, and then attempts to set up a persistent infostealer focused on exfiltrating...
Malicious code in graddio (PyPI)
Source: kam193 cf6bbc8eaafef42ed4e5740b1ff94df7749de4241d44846467b438db586399ba. During installation, the package exfiltrates some basic info to a GitHub issue comment, and then attempts to set up a persistent infostealer focused on exfiltrating...
GHSA-MQQ7-WXX5-MP8H
creationtimestamp | type | source
---|---|---
2026-05-01 06:10:28+00:00 | seen | https://gist.github.com/alon710/63a0b9d45c1b8aff3ea39f384d9c8809...
Microsoft Open Management Infrastructure - Remote Code Execution
Microsoft Open Management Infrastructure is susceptible to remote code execution (OMIGOD). id: CVE-2021-38647 info: name: Microsoft Open Management Infrastructure - Remote Code Execution author: daffainfo,xstp severity: critical description: Microsoft Open Management Infrastructure is susceptible t...
CVE-2026-42522
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...
EUVD-2026-26224
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...
CVE-2026-41640
creationtimestamp | type | source
---|---|---
2026-04-23 09:30:40+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-41640.yaml
2026-04-24 21:02:31+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mkbgeo6kxw2t
2026-05-07... | |
CVE-2026-41232
creationtimestamp | type | source
---|---|---
2026-04-15 06:39:05+00:00 | published-proof-of-concept | https://github.com/froxlor/froxlor/security/advisories/GHSA-vmjj-qr7v-pxm6...
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
Threat actors likely associated with the Democratic People's Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows...
CVE-2026-33027
creationtimestamp | type | source
---|---|---
2026-03-28 03:19:28+00:00 | published-proof-of-concept | https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-m8p8-53vf-8357...
GO-2026-4717 Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration in github.com/akuity/kargo
Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration in github.com/akuity/kargo...
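An example of the destination check that a server-side fetcher needs before following a user-supplied URL, the gap behind both the Kargo http/http-download entry above (GO-2026-4717) and the Jenkins GitHub Branch Source entries (CVE-2026-42522, "connect to an attacker-specified URL"). This is added illustrative Python, not Kargo's Go code or the Jenkins plugin's fix; the hostnames and answers in FAKE_DNS are constructed so the example runs offline.

```python
"""Vet a user-supplied download URL before a server-side fetch (SSRF guard)."""
from __future__ import annotations

import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

Resolver = Callable[[str], Iterable[str]]
ALLOWED_SCHEMES = frozenset({"http", "https"})


def system_resolver(host: str) -> list[str]:
    """All A/AAAA answers for host from the OS resolver (default when none is injected)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_public_address(raw: str) -> bool:
    """True only for globally routable unicast; unwraps ::ffff:a.b.c.d first."""
    addr = ipaddress.ip_address(raw)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global


def vet_outbound_url(url: str, resolve: Resolver = system_resolver) -> list[str]:
    """Return the vetted destination addresses, or raise ValueError.

    Rejects non-HTTP schemes, userinfo, and any literal or resolved address that
    is loopback, private, link-local (which covers 169.254.169.254 metadata) or
    otherwise non-global. Every resolved address must pass, so a name answering
    with one public and one internal address is refused rather than left to chance.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL is not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    try:
        candidates = [str(ipaddress.ip_address(host))]   # literal address
    except ValueError:
        candidates = list(resolve(host))                  # hostname: check every answer
    if not candidates:
        raise ValueError(f"{host!r} did not resolve")
    blocked = [ip for ip in candidates if not is_public_address(ip)]
    if blocked:
        raise ValueError(f"{host!r} maps to non-public address(es): {blocked}")
    return candidates


# Constructed DNS answers so the example runs offline (assumed, not real records).
FAKE_DNS = {
    "downloads.example.com": ["93.184.216.34"],
    "rebind.example.com": ["93.184.216.34", "10.0.0.5"],
    "git.internal.corp": ["10.1.2.3"],
}


def fake_resolver(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])


def classify(url: str) -> str:
    """'allow' or 'deny: <reason>' for url, using the constructed resolver."""
    try:
        vet_outbound_url(url, fake_resolver)
        return "allow"
    except ValueError as exc:
        return f"deny: {exc}"


if __name__ == "__main__":
    for u in ["https://downloads.example.com/artifact.tgz",
              "http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:10.0.0.1]/",
              "https://rebind.example.com/",
              "file:///etc/passwd"]:
        print(f"{classify(u):60} {u}")
```

Two caveats the check does not remove on its own: the fetch must connect to the addresses vet_outbound_url returned (pinning them, rather than resolving the name a second time) or a rebinding DNS answer can swap in an internal address between check and use; and any HTTP redirect target must go through the same vetting before it is followed.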