@zextras/carbonio-design-system (=12.0.3), react-native-github-markdown (>=2.1.0 <=2.2.0) potentially affected by CVE-2025-68467 via darkreader (>=4.7.15 <=4.9.105)
darkreader NPM version =4.7.15, =2.1.0, =2.2.0 Source cves: CVE-2025-68467 Source advisory: OSV:GHSA-X369-MCW8-8RVJ...
GHSA-55XF-4PMG-V3XM vulnerabilities
Vulnerabilities for packages: libvips...
GHSA-33R2-HFPX-FX7H vulnerabilities
Vulnerabilities for packages: libvips...
PT-2026-24344
Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.14.25 GitHub Enterprise Server versions prior to 3.15.20 GitHub Enterprise Server versions prior to 3.16.16 GitHub Enterprise Server versions prior to 3.17.13 GitHub Enterprise Server versions prior...
WordPress Cibeles AI 1.10.8 Shell Upload
An unauthenticated arbitrary file upload vulnerability exists in the Cibeles AI plugin for WordPress versions 1.10.8 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by exploiting the GitHub integration functionality, leading to...
WordPress AI Feeds 1.0.11 Shell Upload
Proof of concept exploit for an unauthenticated arbitrary file upload vulnerability in the AI Feeds plugin for WordPress versions 1.0.11 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by exploiting the GitHub integration...
WordPress AI Bud 1.8.5 Shell Upload
WordPress AI Bud plugin version 1.8.5 suffers from an unauthenticated shell upload vulnerability. The vulnerability exists in the actualizadorgit.php file which provides unauthenticated access to download and execute files from arbitrary GitHub repositories without proper security controls...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the toolsBySender process when untyped sender keys are used. An attacker can gain unauthorized access to privileged group tool permissions by causing an...
Replay Attack
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Replay Attack via the webhook replay handling. An attacker can cause duplicate inbound actions to be processed by replaying previously valid signed webhook requests after the replay windo...
CVE-2026-32063
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-03 21:52:54+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-vffc-f7r7-rx2w... |
CVE-2026-32017
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-03 21:48:29+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-3x3x-h76w-hp98... |
CVE-2026-3136 Google Cloud Build Comment Control Bypass
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...
CVE-2026-3136
CVE-2026-3136 describes an improper authorization vulnerability in GitHub Trigger Comment Control within Google Cloud Build. Affected component: Trigger Comment Control in Google Cloud Build (prior to 2026-01-26). Root cause: improper authorization allows a remote attacker to execute arbitrary co...
GHSA-RX3G-MVC3-QFJF
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-03 00:40:08+00:00 | seen | https://gist.github.com/alon710/7ac7ac6833d08e598a54fcec635175e4... |
Google Cloud Build Security Vulnerability
Google Cloud Build is a fully managed CI/CD platform provided by Google, Inc. Versions of Google Cloud Build prior to version 2026-1-26 contained security vulnerabilities. These vulnerabilities were due to improper authorization in the GitHub Trigger Comment Control mechanism, which could allow...
PT-2026-22755
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...
vantuz (>=3.3.2 <=3.3.7) potentially affected by unknown CVE via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: unknown CVE Source advisory: OSV:GHSA-X82F-27X3-Q89C...
GHSA-MW96-CPMX-2VGC vulnerabilities
Vulnerabilities for packages: langfuse, vite, vitess...
Microsoft GitHub Copilot for JetBrains Command Injection Vulnerability
Microsoft GitHub Copilot for JetBrains is an AI programming assistant plugin from Microsoft USA that can be installed in various IDEs produced by JetBrains. A command injection vulnerability exists in Microsoft GitHub Copilot for JetBrains. The vulnerability stems from the application failing to...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the FunctionPushPop. An attacker can cause excessive resource consumption and application instability by triggering deep or infinite recursion through crafted input to the affected process. Remediation There is...