29593 matches found
GHSA-495W-CQV6-WR59
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-05 16:43:10+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115667959131777282... |
CVE-2025-14104
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-05 16:41:15+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115667951619073794 |
| 2025-12-05 16:55:13+00:00 | seen | https://gist.github.com/Darkcrai86/acab713a6562bbf2fe78f6ee421d7241 |
| 2025-12-05 17:16:43+00:00 | seen | ... |
PromptPwnd Vulnerability Exposes AI-driven Build Systems to Data Theft
Aikido Security exposes a new AI prompt injection flaw in GitHub/GitLab pipelines, letting attackers steal secrets. Major companies affected...
GHSA-2CF5-4W76-R9QV vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce...
Sift or Get off the PoC: Applying Information Retrieval to Vulnerability Research with SiftRank
Security research is fundamentally a problem of resource constraint and consequent prioritization. There is simply too much attack surface and too little time and energy to spend analyzing it all. The most effective security researchers are often those who are most skilled at intuitively deciding...
GHSA-9MPM-9PXH-MG4F
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-03 20:46:44+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115657592254208627... |
GHSA-V8V5-C872-MF8R
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-03 19:30:40+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115657293148457938... |
Exploit for CVE-2025-55182
GitHub CVE Scanner 🔍 Quickly scan GitHub repositories for c...
CVE-2025-66220
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-03 17:01:36+00:00 | published-proof-of-concept | https://github.com/envoyproxy/envoy/security/advisories/GHSA-rwjg-c3h2-f57p... |
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function in deployments configured with ACME and SCEP provisioners. An attacker can gain unauthorized access to sensitive resources by bypassing authorization controls. Remediation: Upgrade...
GHSA-9QR9-H5GF-34MP
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-03 16:43:56+00:00 | seen | https://bsky.app/profile/hnws.bsky.social/post/3m73vpks5fm2i |
| 2025-12-03 17:00:30+00:00 | seen | https://bsky.app/profile/hnbot.gsuscs.xyz/post/3m73wn646xc2m |
| 2025-12-03 17:07:45+00:00 | seen | ... |
Exposed Dangerous Method or Function
Overview: Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the SSE or streaming transport modes. An attacker can gain unauthorized access to internal resources by tricking a victim into visiting a malicious website or by serving a malicious advertisement...
CVE-2025-62575
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-03 06:10:08+00:00 | seen | https://bsky.app/profile/blackwiremedia.bsky.social/post/3m72sc7m7zc2g |
| 2025-12-03 07:42:50+00:00 | seen | https://gist.github.com/Darkcrai86/61cfb0b7823317e3619ec7a2c6465b58 |
| 2025-12-03 08:03:29+00:00 | seen | ... |
poc-finder
PoC Finder – Threat Intelligence → PoC Search Introductio...
A Comprehensive Study on the Impact of Vulnerable Dependencies on Open-Source Software
Open-source libraries are widely used by software developers to speed up the development of products, however, they can introduce security vulnerabilities, leading to incidents like Log4Shell. With the expanding usage of open-source libraries, it becomes even more imperative to comprehend and...
Oracle Linux 10 : ELSA-2025-20478-0: / zziplib (ELSA-2025-204780)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-204780 advisory.
- 0.13.78-2
  - Fix directory traversal in unzip binary
  - Disable the CVE tests during the check phase - the reproducers for these are downloaded from the github...
GHSA-9H52-P55H-VW2F
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-02 19:07:58+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115651541601478240... |
Directory Traversal
Overview: rxiv-maker is a tool for writing scientific preprints in Markdown and generating publication-ready PDFs. Affected versions of this package are vulnerable to Directory Traversal due to insufficient sanitization of GitHub name input. The GitHub name validation logic fails to strip path...
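The rxiv-maker entry describes the usual shape of this bug: a user-supplied GitHub owner/repository name is joined onto a local directory without first rejecting path components, so `../` sequences walk out of the intended tree. The block below is an added example and is not rxiv-maker's own validation code; the name rules it enforces (owner: 1-39 alphanumerics or hyphens with no leading or trailing hyphen; repo: 1-100 characters from `[A-Za-z0-9._-]`, never `.` or `..`), the function names and the cache directory are assumptions made for illustration. It shows the naive join beside a validator plus a resolved-path containment check, so that even a validator bug cannot let the target escape the base directory.

```python
import re
from pathlib import Path

# Added example, not rxiv-maker's code. Name rules are assumptions:
# owner: 1-39 chars, alphanumerics or hyphens, no leading/trailing hyphen;
# repo: 1-100 chars from [A-Za-z0-9._-]. Neither admits '/' or '\'.
_OWNER_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,37}[A-Za-z0-9])?")
_REPO_RE = re.compile(r"[A-Za-z0-9._-]{1,100}")


def is_valid_github_name(owner: str, repo: str) -> bool:
    """Accept only names that cannot carry a path component."""
    if not _OWNER_RE.fullmatch(owner) or not _REPO_RE.fullmatch(repo):
        return False
    # The repo pattern still admits '.' and '..'; both leave the owner dir.
    if repo in (".", ".."):
        return False
    return True


def naive_clone_dir(base: Path, owner: str, repo: str) -> Path:
    """The vulnerable pattern: trust the input and join it onto base."""
    return (base / owner / repo).resolve()


def safe_clone_dir(base: Path, owner: str, repo: str) -> Path:
    """Validate first, then confirm the resolved path stays under base."""
    if not is_valid_github_name(owner, repo):
        raise ValueError(f"invalid GitHub name: {owner}/{repo}")
    base = base.resolve()
    target = (base / owner / repo).resolve()
    # Defence in depth: a validator bug must still not let target leave base.
    if base not in target.parents:
        raise ValueError(f"path escapes base directory: {target}")
    return target


def escapes_base(path: Path, base: Path) -> bool:
    """True when path resolves outside base (used to show the flaw)."""
    return base.resolve() not in path.resolve().parents


if __name__ == "__main__":
    base = Path("/tmp/rxiv-cache")          # hypothetical cache location
    hostile = ("../../etc", "passwd")       # constructed traversal input
    print(naive_clone_dir(base, *hostile))  # resolves outside the cache dir
    print(escapes_base(naive_clone_dir(base, *hostile), base))
    try:
        safe_clone_dir(base, *hostile)
    except ValueError as exc:
        print("rejected:", exc)
```

The validator is an allow-list rather than a strip-and-retry: removing `..` or `/` from input and then using the remainder is the pattern that tends to fail (for example, `....//` collapses to `../` after one pass), whereas rejecting anything outside the allowed character set leaves no such second-order case.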
Arbitrary Code Injection
Overview: kagura-ai is a Universal AI Memory Platform (MCP-native context management for all AI agents). Affected versions of this package are vulnerable to Arbitrary Code Injection due to missing access restrictions in multiple tool endpoints, including codingindexsourcecode,...
Missing Authorization
Overview: github-webhook-server is a webhook server to manage GitHub repositories and pull requests. Affected versions of this package are vulnerable to Missing Authorization via unsafe loading of OWNERS files from pull-request-controlled repository checkouts. The...