CVE-2025-62039

creationtimestamp| type| source ---|---|--- 2026-04-22 16:54:21+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-62039.yaml 2026-04-23 21:03:14+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mk6vwu4jqz2i...

CVE-2026-41432

creationtimestamp| type| source ---|---|--- 2026-04-22 14:14:22+00:00| published-proof-of-concept| https://github.com/QuantumNous/new-api/security/advisories/GHSA-xff3-5c9p-2mr4...

CVE-2026-44015

creationtimestamp| type| source ---|---|--- 2026-04-22 11:15:44+00:00| published-proof-of-concept| https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-wr32-99hh-6f35...

CVE-2021-3152

creationtimestamp| type| source ---|---|--- 2026-04-22 08:43:03+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-3152.yaml 2026-04-23 21:03:09+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mk6vwthxjx2x...

GHSA-HX6P-XPX3-JVVV vulnerabilities

Vulnerabilities for packages: yara-x, wasmcloud, zed, wizer...

Improper Authentication

Mattermost is vulnerable to improper authentication. The vulnerability is due to failure to validate plugin bot identity in reaction forwarding, which allows an attacker to hijack the GitHub reaction feature and make users add reactions to arbitrary GitHub objects via crafted notification posts...

GHSA-98CP-84M9-Q3QP

creationtimestamp| type| source ---|---|--- 2026-04-22 01:19:46+00:00| seen| Telegram/K73t--MeF8g6jG3bb2C-tygRugHSGj3gpQqllzPf61swe44...

EUVD-2026-24554

A server-side request forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebo...

EUVD-2026-24550

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...

EUVD-2026-24547

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as httpproxy. Exploitation o...

EUVD-2026-24552

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

EUVD-2026-24520

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...

EUVD-2026-24545

An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious authorization link that, when...

GHSA-VVFW-4M39-FJQF

creationtimestamp| type| source ---|---|--- 2026-04-21 23:30:49+00:00| seen| Telegram/WzFh75qC0rKhc-ksOtYvdTuNUy7-5M1wjcl5aTvCRw8jriM...

CVE-2026-4821

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it was published in error...

CVE-2026-5845

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

CVE-2026-5921

A server-side request forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebo...

CVE-2026-5512

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...

CVE-2026-4296

An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious authorization link that, when...

CVE-2026-5845 Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...