29580 matches found
GHSA-477R-4CMW-3CGF
creationtimestamp| type| source ---|---|--- 2026-02-03 21:28:42+00:00| seen| Telegram/EolE0KtGpDyhwFa3K4uFjcrZ6zOl1wT5WaMQuq2zHWr2Ac...
GO-2026-4345 Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API in github.com/axllent/mailpit
Mailpit has a Server-Side Request Forgery SSRF via HTML Check API in github.com/axllent/mailpit...
GO-2026-4344 File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser...
GHSA-FC6G-2GCP-2QRQ
creationtimestamp| type| source ---|---|--- 2026-02-03 17:40:05+00:00| seen| https://gist.github.com/alon710/4c9483a1ae63cde824ec94a73e4b4ee0...
PT-2026-6511
Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability in github.com/fleetdm/fleet...
Can Developers Rely on LLMs for Secure IaC Development?
We investigated the capabilities of GPT-4o and Gemini 2.0 Flash for secure Infrastructure as Code IaC development. For security smell detection, on the Stack Overflow dataset, which primarily contains small, simplified code snippets, the models detected at least 71% of security smells when prompt...
PT-2026-6513
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser...
PT-2026-6508
Mailpit has an SMTP Header Injection via Regex Bypass in github.com/axllent/mailpit...
PT-2026-6504
Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper...
CVE-2026-25221
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery CSRF. The application fails to implement and verify the state parameter during the...
CVE-2026-25221 PolarLearn has Multiple Login CSRFs via Missing OAuth state Parameter (GitHub & Google)
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery CSRF. The application fails to implement and verify the state parameter during the...
CVE-2026-25221
CVE-2026-25221 (PolarLearn) affects PolarLearn prior to 0-PRERELEASE-15. The OAuth 2.0 login flow for GitHub and Google providers fails to implement/verify the state parameter, enabling a Login CSRF attack. An attacker can pre-authenticate a session and lure a victim into logging into the attacke...
CVE-2026-25221 PolarLearn has Multiple Login CSRFs via Missing OAuth state Parameter (GitHub & Google)
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery CSRF. The application fails to implement and verify the state parameter during the...
CVE-2026-25221 PolarLearn has Multiple Login CSRFs via Missing OAuth state Parameter (GitHub & Google)
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery CSRF. The application fails to implement and verify the state parameter during the...
Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
ExploitAtlas A full-stack Rust application for CVE intelligen...
GO-2026-4352 OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format in github.com/opentofu/opentofu
OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format in github.com/opentofu/opentofu...
GO-2026-4348 Client DoS via malformed server response in github.com/theupdateframework/go-tuf
Client DoS via malformed server response in github.com/theupdateframework/go-tuf...
CVE-2026-25522
creationtimestamp| type| source ---|---|--- 2026-02-02 20:59:20+00:00| published-proof-of-concept| https://github.com/craftcms/commerce/security/advisories/GHSA-h9r9-2pxg-cx9m...
GHSA-X24C-W26V-W8JG vulnerabilities
Vulnerabilities for packages: openjdk-11-openj9, openjdk-8-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-21-openj9...
GHSA-7W66-J2R2-VM3P vulnerabilities
Vulnerabilities for packages: kubernetes...