29752 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-2060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. CVE-2022-2060 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2022-3873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2. CVE-2022-3873 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2020-7664
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or...
CVE-2025-58763
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with administrative privileges to obtain remote code execution on the application server. This vulnerability requires the application to...
CVE-2025-58763
Tautulli (Python-based Plex monitoring) has a command-injection vulnerability affecting v2.15.3 and earlier. The flaw arises when cloning from GitHub and installing manually, where the update/version logic calls runGit via subprocess.Popen with shell=True. The checkout_git_branch path stores un s...
CVE-2025-58763 Tautulli vulnerable to Authenticated Remote Code Execution via Command Injection
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with administrative privileges to obtain remote code execution on the application server. This vulnerability requires the application to...
CVE-2025-54908
creationtimestamp | type | source
---|---|---
2025-09-09 16:23:23+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2025-0278
2025-09-09 17:06:15+00:00 | seen | https://www.thezdi.com/blog/2025/9/9/the-september-2025-security-update-review
2025-09-09 17:40:08+00:00 | seen | ...
keeshond_editor (>=0.1.0 <=0.13.0), keeshond_migrator (>=0.1.0 <=0.1.1) +2 more potentially affected by unknown CVE via toodee (>=0.2.4 <=0.3.0)
toodee CARGO version =0.2.4, =0.1.0, =0.1.0, =0.10.0, =0.13.0 Source cves: unknown CVE Source advisory: OSV:GHSA-PFP7-VXGR-83PW...
CVE-2025-10109
creationtimestamp | type | source
---|---|---
2025-09-09 10:14:27+00:00 | seen | https://gist.github.com/Darkcrai86/fd2fe6ea20ccb37f56e3bdc9b171c8e7...
CVE-2024-33326
creationtimestamp | type | source
---|---|---
2025-09-09 09:16:31+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-33326.yaml
2025-09-10 21:02:32+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lyj4ykkqt227
2025-09-27...
BIT-JUPYTERLAB-2024-39700 Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action
JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...
Arbitrary Code Injection
Overview: simstudio is a Sim Studio CLI - Run Sim Studio with a single command. Affected versions of this package are vulnerable to Arbitrary Code Injection via the route.ts function. An attacker can execute arbitrary code by supplying crafted input to the code argument. Remediation: A fix was pushe...
GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed the Salesloft GitHub account from March through...
GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms
Cybersecurity researchers have detailed a new sophisticated malware campaign that leverages paid ads on search engines like Google to deliver malware to unsuspecting users looking for popular tools like GitHub Desktop. While malvertising campaigns have become commonplace in recent years, the late...
GO-2025-3921 Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder
Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder...
GO-2025-3923 Rancher affected by unauthenticated Denial of Service in github.com/rancher/rancher
Rancher affected by unauthenticated Denial of Service in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
GO-2025-3927 Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet...
GO-2025-3934 Argo CD's Project API Token Exposes Repository Credentials in github.com/argoproj/argo-cd
Argo CD's Project API Token Exposes Repository Credentials in github.com/argoproj/argo-cd...
GO-2025-3937 Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos
Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos...