29580 matches found
CVE-2026-3306
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value...
CVE-2026-3306
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value...
CVE-2026-23654
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...
CVE-2026-23654
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...
CVE-2026-3306 Improper authorization in GitHub Projects allows modification of issue and pull request metadata without repository write access
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value...
CVE-2026-3306
CVE-2026-3306 describes an improper authorization in GitHub Enterprise Server where a user with read access to a repository and write access to a project could modify issue and pull request metadata via the project without repository write permissions being verified during column value updates. T...
CVE-2026-3306
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value...
CVE-2026-3306 Improper authorization in GitHub Projects allows modification of issue and pull request metadata without repository write access
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value...
CVE-2026-30920
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the...
CVE-2026-3854 Remote code execution via git push option injection in GitHub Enterprise Server
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly...
CVE-2026-3854
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly...
CVE-2026-3854
CVE-2026-3854 describes an RCE vulnerability in GitHub Enterprise Server arising during git push option handling. An attacker with push access could abuse unsanitized user-supplied push option values that are incorporated into internal service headers; because the header format uses a delimiter t...
CVE-2026-23654 GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability
...
CVE-2026-23654 GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability
...
CVE-2026-23654
CVE-2026-23654 affects the zero-shot-scfoundation GitHub repository via a dependency on a vulnerable third‑party component. The entry describes an unauthorized attacker receiving remote code execution over a network. CVSSv3.1 details: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H with base score 8.8 (HIGH)...
GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...
KLA90920 Multiple vulnerabilities in Microsoft Open Source Software
Multiple vulnerabilities were found in Microsoft Open Source Software. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerabilitycan be exploited remotely to execu...
OneUptime 安全漏洞
OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.19 contain security vulnerabilities. These vulnerabilities stem from GitHub App callbacks that allow attackers to control parameters...
Microsoft GitHub Repo: Zero Shot scFoundation 安全漏洞
Microsoft GitHub Repo: Zero Shot scFoundation is a biological information research code base owned by Microsoft Corporation. There are security vulnerabilities present in Microsoft GitHub Repo: Zero Shot scFoundation. Attackers can exploit these vulnerabilities to execute code remotely...
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. There is a security vulnerability in GitHub Enterprise Server, which stems from...