29580 matches found
Ubuntu: Security Advisory (USN-8012-1)
The remote host is missing an update for the...
CVE-2026-25760
creationtimestamp | type | source
---|---|---
2026-02-05 21:01:55+00:00 | published-proof-of-concept | https://github.com/BishopFox/sliver/security/advisories/GHSA-2286-hxv5-cmp2...
GHSA-6WQW-2P9W-4VW4 vulnerabilities
Vulnerabilities for packages: langfuse, langfuse-fips, librechat...
CVE-2026-25758
creationtimestamp | type | source
---|---|---
2026-02-05 13:49:28+00:00 | published-proof-of-concept | https://github.com/spree/spree/security/advisories/GHSA-87fh-rc96-6fr6
2026-03-06 20:09:04+00:00 | seen |...
CVE-2026-25757
creationtimestamp | type | source
---|---|---
2026-02-05 13:46:30+00:00 | published-proof-of-concept | https://github.com/spree/spree/security/advisories/GHSA-p6pv-q7rc-g4h9
2026-03-06 20:09:04+00:00 | seen |...
CVE-2024-12734
creationtimestamp | type | source
---|---|---
2026-02-05 04:57:35+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-12734.yaml
2026-02-07 21:02:56+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3meccxheos72i...
GO-2026-4395 terraform-provider-proxmox has insecure sudo recommendation in the documentation in github.com/bpg/terraform-provider-proxmox
terraform-provider-proxmox has insecure sudo recommendation in the documentation in github.com/bpg/terraform-provider-proxmox...
GHSA-3966-F6P6-2QR9 vulnerabilities
Vulnerabilities for packages: renovate, npm, vitess, saf, code-server...
Characterizing and Modeling the GitHub Security Advisories Review Pipeline
GitHub Security Advisories (GHSA) have become a central component of open-source vulnerability disclosure and are widely used by developers and security tools. A distinctive feature of GHSA is that only a fraction of advisories are reviewed by GitHub, while the mechanisms associated with this revie...
PT-2026-6531
EVE Doesn't Measure Config Partition From 2 Fronts in github.com/lf-edge/eve...
PT-2026-6530
EVE's Debug Functions Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve...
PT-2026-6519
terraform-provider-proxmox has insecure sudo recommendation in the documentation in github.com/bpg/terraform-provider-proxmox...
PT-2026-6525
Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability in github.com/apache/answer. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positiv...
Ubuntu 24.04 LTS : GitHub CLI vulnerabilities (USN-8012-1)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8012-1 advisory. It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization in the attribute handling logic in restHandler/AttributesRestHandlder.go, which is accessible over the /attributes endpoint with /orchestrator/attributes?key=apiTokenSecret. A user can obtain the global API Token...
GHSA-RF4G-89H5-CRCR vulnerabilities
Vulnerabilities for packages: wolfictl, cg...
USN-8012-1 gh vulnerabilities
It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An attacker could possibly use this issue to create or overwrite files in unintended directories. CVE-2024-54132 It was discovered that GitHub CLI...
USN-8012-1: GitHub CLI vulnerabilities
It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An attacker could possibly use this issue to create or overwrite files in unintended directories. CVE-2024-54132 It was discovered that GitHub CLI...
CVE-2026-25221
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery (CSRF). The application fails to implement and verify the state parameter during the...
Fedora 43 : python-python-multipart (2026-08c12edc84)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-08c12edc84 advisory. Security fix for CVE-2026-24486 / GHSA-wp53-j4wj-2cfg. ---- 0.0.22 2026-01-25 Drop directory path from filename in File Tenable has extracted the preceding...