GO-2026-4659 FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info in github.com/gtsteffaniak/filebrowser/backend

FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info in github.com/gtsteffaniak/filebrowser/backend...

CVE-2026-32104

creationtimestamp| type| source ---|---|--- 2026-03-11 14:50:34+00:00| published-proof-of-concept| https://github.com/withstudiocms/studiocms/security/advisories/GHSA-9v82-xrm4-mp52...

GHSA-H3RV-Q4RQ-PQCV

creationtimestamp| type| source ---|---|--- 2026-03-11 12:10:06+00:00| seen| https://gist.github.com/alon710/90d4653c1f3204acd98b3c7dd62773cd...

CVE-2026-30920

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the...

GHSA-MHG6-2Q2V-9H2C

creationtimestamp| type| source ---|---|--- 2026-03-11 06:40:06+00:00| seen| https://gist.github.com/alon710/e6746ea37c744f27fa53aba7fbd358d4...

CVE-2026-32110

creationtimestamp| type| source ---|---|--- 2026-03-11 01:11:29+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56cv-c5p2-j2wg...

CVE-2026-31975

creationtimestamp| type| source ---|---|--- 2026-03-11 00:37:25+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-gv8f-wpm2-m5wr...

Jellyfin 安全漏洞

Jellyfin is an open-source free software media system developed by Jellyfin. It allows you to control the management and streaming of media. It serves as a replacement for proprietary products like Emby and Plex, enabling the delivery of media from proprietary servers to end-user devices through...

CVE-2026-24117 affecting package gh for versions less than 2.62.0-13

CVE-2026-24117 affecting package gh for versions less than 2.62.0-13. A patched version of the package is available...

EUVD-2026-10829

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...

EUVD-2026-10793

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scripting via task list content. The task list content extraction logic did not properly re-encode browser-decoded text nodes before rendering, allowing user-supplied HTM...

EUVD-2026-10792

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scripting via task list content. The task list content extraction logic did not properly re-encode browser-decoded text nodes before rendering, allowing user-supplied HTM...

EUVD-2026-10828

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...

CVE-2026-3582

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...

CVE-2026-3582

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...

CVE-2026-2266

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scripting via task list content. The task list content extraction logic did not properly re-encode browser-decoded text nodes before rendering, allowing user-supplied HTM...

CVE-2026-2266

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scripting via task list content. The task list content extraction logic did not properly re-encode browser-decoded text nodes before rendering, allowing user-supplied HTM...

GHSA-XJGW-4WVW-RGM4

creationtimestamp| type| source ---|---|--- 2026-03-10 19:10:06+00:00| seen| https://gist.github.com/alon710/318772c839d4af9a91549fceab76247e...

CVE-2026-3582

CVE-2026-3582 affects GitHub Enterprise Server. An Incorrect Authorization vulnerability allowed an authenticated user with a classic PAT lacking the repo scope to retrieve issues and commits from private/internal repositories via the search REST API, provided the user already had access to the r...

CVE-2026-3582 Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...