29590 matches found
PT-2025-51825
Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <=2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from not verifying the identity of a plugin bot in a reaction forward, which could lead to the hijacking of the GitHub reaction function via...
CVE-2025-67727
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
CVE-2025-68267
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
CVE-2025-68267
CVE-2025-68267 affects JetBrains TeamCity versions prior to 2025.11.1. Root cause: TeamCity stored a GitHub personal access token instead of an installation token, enabling excessive privileges. Documented impact in connected Nessus advisory (multiple vulnerabilities for pre-2025.11.1). Remediati...
EUVD-2025-203763
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
CVE-2025-64249
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-16 09:48:34+00:00 | seen | https://gist.github.com/Darkcrai86/e9732cfdf140924444e56b3db031ea0f... |
CVE-2025-66127
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-16 09:42:07+00:00 | seen | https://gist.github.com/Darkcrai86/f6a72031327f65f39d50da98970b3b3e... |
CVE-2025-68079
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-16 09:23:39+00:00 | seen | https://gist.github.com/Darkcrai86/34d46e786d11967fa0a09944a7f2e961... |
CVE-2025-68068
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-16 09:04:38+00:00 | seen | https://infosec.exchange/users/offseq/statuses/115728441491344745 |
| 2025-12-16 09:25:49+00:00 | seen | https://gist.github.com/Darkcrai86/810135840fcb56a8426cd36a6d48cd7d... |
Security Bulletin: NVIDIA Resiliency Extension - December 2025
NVIDIA has released a software update for NVIDIA® Resiliency Extension. To protect your system, clone or update this software to version 0.5.0 or later from NVIDIA Resiliency Extension on GitHub. Go to NVIDIA Product Security...
Security Bulletin: NVIDIA NeMo Framework - December 2025
NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, clone or update this software to version 2.5.3 or later from NVIDIA/NeMo Framework on NVIDIA GitHub and pypi. Go to NVIDIA Product Security...
SeBERTis: A Framework for Producing Classifiers of Security-Related Issue Reports
Monitoring issue tracker submissions is a crucial software maintenance activity. A key goal is the prioritization of high risk, security-related bugs. If such bugs can be recognized early, the risk of propagation to dependent products and endangerment of stakeholder benefits can be mitigated. To...
PT-2025-51718
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
JetBrains TeamCity Security Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...
CVE-2025-68142
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-15 22:07:58+00:00 | published-proof-of-concept | https://github.com/facelessuser/pymdown-extensions/security/advisories/GHSA-r6h4-mm7h-8pmq... |
GO-2025-4228 Algernon Cross-Site Scripting vulnerability in github.com/xyproto/algernon
Algernon Cross-Site Scripting vulnerability in github.com/xyproto/algernon...