29749 matches found
CVE-2025-55322
Binding to an unrestricted IP address in GitHub allows an unauthorized attacker to execute code over a network...
CVE-2025-55322
The CVE-2025-55322 entry concerns Microsoft OmniParser: an issue where binding to an unrestricted IP address enables an unauthenticated attacker to execute arbitrary code over the network. The vulnerability is documented with CVSSv3.1 base score 7.3 (HIGH) and involves network attack vector, no u...
GHSA-XXXX-XXXX-XXXX
creationtimestamp | type | source
---|---|---
2025-09-24 10:59:00+00:00 | seen | https://gist.github.com/wdcs-kishansudani/bd0202112117cb8a2269fa1190eb5b79
2025-10-16 15:12:46+00:00 | seen | https://gist.github.com/knqyf263/c383be7ce9749cd462eefba79dd1a319
2025-12-01 17:48:05+00:00 | seen | ...
CVE-2021-24219
creationtimestamp | type | source
---|---|---
2025-09-24 05:15:10+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24219.yaml
2025-09-28 21:02:27+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lzwfez6mib23
2026-06-19...
Fake Malwarebytes, LastPass, and others on GitHub serve malware
Fake versions of legitimate software are currently circulating on GitHub pages, in a large-scale campaign targeting Mac users. Unfortunately, Malwarebytes for Mac is one of them. Impersonating brands is sadly commonplace, as scammers take advantage of established brand names to target their...
CVE-2025-59822
creationtimestamp | type | source
---|---|---
2025-09-23 12:54:32+00:00 | published-proof-of-concept | https://github.com/http4s/http4s/security/advisories/GHSA-wcwh-7gfw-5wrr...
Widespread Supply Chain Compromise Impacting npm Ecosystem
CISA is releasing this Alert to provide guidance in response to a widespread software supply chain compromise involving the world’s largest JavaScript registry, npmjs.com. A self-replicating worm—publicly known as “Shai-Hulud”—has compromised over 500 packages. After gaining initial access, the...
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest. The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web...
Security Bulletin: NVIDIA Megatron LM - September 2025
NVIDIA has released a software update for NVIDIA® Megatron LM. To protect your system, clone or update this software to version 0.13.1 and 0.12.3 or later from NVIDIA/Megatron-LM on NVIDIA GitHub. Go to NVIDIA Product Security...
GHSA-9GGR-2464-2J32
creationtimestamp | type | source
---|---|---
2025-09-22 17:43:07+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115249183875342859...
Information Disclosure
nx is vulnerable to Information Disclosure. The vulnerability is due to malicious package versions containing code that scans the file system and collects credentials, which allows an attacker to exfiltrate sensitive data by posting it to GitHub under the victim’s account...
Malicious Package
cui-travel-component is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
nightmare
This repository is an introduction to binary exploitation and reverse engineering course based on CTF challenges, called "Nightmare". It contains a large amount of content, with over 90 challenges, laid out in a linear fashion, and well-documented write-ups explaining how to go from being handed...
GHSA-67V4-38H7-9JJP vulnerabilities
Vulnerabilities for packages: jenkins...
CVE-2025-59420
creationtimestamp | type | source
---|---|---
2025-09-20 08:10:15+00:00 | published-proof-of-concept | https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32...
CVE-2021-42359
creationtimestamp | type | source
---|---|---
2025-09-19 13:04:57+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-42359.yaml
2025-09-20 21:02:28+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lzcbnp6c2227
2026-06-19...
[SECURITY] Fedora 42 Update: gh-2.79.0-1.fc42
A command-line interface to GitHub for use in your terminal or your scripts. gh is a tool designed to enhance your workflow when working with GitHub. It provides a seamless way to interact with GitHub repositories and perform various actions right from the command line, eliminating the need to...
[SECURITY] Fedora 41 Update: gh-2.79.0-1.fc41
A command-line interface to GitHub for use in your terminal or your scripts. gh is a tool designed to enhance your workflow when working with GitHub. It provides a seamless way to interact with GitHub repositories and perform various actions right from the command line, eliminating the need to...
CVE-2023-53393
creationtimestamp | type | source
---|---|---
2025-09-18 15:14:56+00:00 | seen | https://gist.github.com/Darkcrai86/3a740039c7a5d1929fff8c17852ad058
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...