29751 matches found
GO-2025-3927 Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet...
PT-2025-36642
NeuVector has an insecure password storage vulnerable to rainbow attack in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
PT-2025-36650
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet...
PT-2025-36654
Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos...
PT-2025-36641
simple-admin-core SQL Injection vulnerability in github.com/suyuan32/simple-admin-core...
PT-2025-36655
Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos...
PT-2025-36648
HashiCorp Vault Community Edition Denial of Service Through Complex JSON Payloads in github.com/hashicorp/vault...
Salesloft Drift Breach Traced to GitHub Compromise and Stolen OAuth Tokens
Salesloft Drift breach traced to GitHub compromise and stolen OAuth tokens, Mandiant confirms breach contained and Salesforce data targeted...
CVE-2022-0429
creationtimestamp | type | source
---|---|---
2025-09-07 18:58:00+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-0429.yaml
2025-09-10 21:02:31+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lyj4ykfqoh2m...
CVE-2025-58875
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sudar Muthu WP Github Gist wp-github-gist allows Stored XSS. This issue affects WP Github Gist: from n/a through <= 0.5...
CVE-2025-58401
Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store the GitHub API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked GitHub account...
GhostAction Attack Steals 3,325 Secrets from GitHub Projects
GhostAction supply chain attack hit 817 GitHub repositories, stealing 3,325 secrets including npm, PyPI, and DockerHub tokens...
xss
This is a web application for a free online web and mobile security class, Hacker101. The application is built using Jekyll, a static site generator, and is hosted on GitHub Pages. The site provides a variety of resources, including videos, resources, and a CTF (Capture The Flag) section. The...
CVE-2025-58371
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a GitHub workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution (RCE) on the Actions runner...
CVE-2025-58371 Roo Code is vulnerable to command injection via GitHub actions workflow
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a GitHub workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution (RCE) on the Actions runner...
CVE-2025-58371
CVE-2025-58371 affects Roo Code (versions ≤ 3.26.6). A GitHub workflow used unsanitized pull request metadata in a privileged context, enabling an attacker to craft input that caused Remote Code Execution (RCE) on the Actions runner. The runner’s broad permissions and access to repository secrets...
CVE-2025-58371 Roo Code is vulnerable to command injection via GitHub actions workflow
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a GitHub workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution (RCE) on the Actions runner...
CVE-2025-58875
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sudar Muthu WP Github Gist wp-github-gist allows Stored XSS. This issue affects WP Github Gist: from n/a through <= 0.5...
CVE-2025-58875 WordPress WP Github Gist Plugin <= 0.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sudar Muthu WP Github Gist allows Stored XSS. This issue affects WP Github Gist: from n/a through 0.5...
CVE-2025-58875 WordPress WP Github Gist Plugin <= 0.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sudar Muthu WP Github Gist wp-github-gist allows Stored XSS. This issue affects WP Github Gist: from n/a through <= 0.5...