11172 matches found
CVE-2026-33868
creationtimestamp | type | source
---|---|---
2026-03-25 11:02:39+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-33868.yaml
2026-03-26 21:03:02+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mhyiuuwxmq2l
2026-03-27...
EUVD-2026-12107
In Bun before 1.3.5, the default trusted dependencies list aka trust allow list can be spoofed by a non-npm package in the case of a matching name for file, link, git, or github...
Contagious Interview: Malware delivered through fake developer job interviews
Microsoft Defender Experts has observed the Contagious Interview campaign, a sophisticated social engineering operation active since at least December 2022. Microsoft continues to detect activity associated with this campaign in recent customer environments, targeting software developers at...
CVE-2026-23654
CVE-2026-23654 affects the zero-shot-scfoundation GitHub repository via a dependency on a vulnerable third‑party component. The entry describes an unauthorized attacker receiving remote code execution over a network. CVSSv3.1 details: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H with base score 8.8 (HIGH)...
900+ Certificates Used by Fortune 500, Governments Exposed by Key Leaks
A joint study by Google and GitGuardian reveals that over 2,600 valid TLS certificates, protecting Fortune 500 companies and government agencies, were compromised due to private key leaks on GitHub and DockerHub...
CVE-2026-25757
creationtimestamp | type | source
---|---|---
2026-02-05 13:46:30+00:00 | published-proof-of-concept | https://github.com/spree/spree/security/advisories/GHSA-p6pv-q7rc-g4h9
2026-03-06 20:09:04+00:00 | seen | ...
PT-2026-6519
terraform-provider-proxmox has insecure sudo recommendation in the documentation in github.com/bpg/terraform-provider-proxmox...
PT-2026-6508
Mailpit has an SMTP Header Injection via Regex Bypass in github.com/axllent/mailpit...
CVE-2026-24910
In Bun before 1.3.5, the default trusted dependencies list aka trust allow list can be spoofed by a non-npm package in the case of a matching name for file, link, git, or github...
CVE-2026-24910
CVE-2026-24910 affects Bun prior to 1.3.5. The issue: the default trusted dependencies list (trust allow list) can be spoofed by a non-npm package when a name matches an existing trusted dependency, across file, link, git, or GitHub sources. Reported impacts include potential manipulation of the ...
EUVD-2026-4859
In Bun before 1.3.5, the default trusted dependencies list aka trust allow list can be spoofed by a non-npm package in the case of a matching name for file, link, git, or github...
PT-2026-5032
Name of the Vulnerable Software and Affected Versions: Bun versions prior to 1.3.5. Description: The default trusted dependencies list in Bun can be manipulated by a non-npm package if the package name matches an existing trusted dependency. This affects dependencies installed via file, link, or...
GHSA-GFW2-4JVH-WGFG
creationtimestamp | type | source
---|---|---
2026-01-19 23:20:05+00:00 | seen | https://gist.github.com/konard/0d69c914be52c3cee3437d4858b1c259...
GO-2026-4293 WeKnora vulnerable to SQL Injection in github.com/Tencent/WeKnora
WeKnora vulnerable to SQL Injection in github.com/Tencent/WeKnora...
CVE-2022-31519
The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31564
The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31502
The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31530
The csm-aut/csm repository through 3.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...