
29751 matches found

OSV
added 2025/09/08 2:13 p.m., 2 views

GO-2025-3927 Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet

Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet...

CVSS 7.7 | AI score 6.6 | EPSS 0.00217
Exploits: 0 | References: 2
Positive Technologies
added 2025/09/08 12:0 a.m., 3 views

PT-2025-36642

NeuVector has an insecure password storage vulnerable to rainbow attack in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

AI score 7
Exploits: 0 | References: 2
Positive Technologies
added 2025/09/08 12:0 a.m., 4 views

PT-2025-36650

Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet...

AI score 6.8
Exploits: 0 | References: 3
Positive Technologies
added 2025/09/08 12:0 a.m., 5 views

PT-2025-36654

Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos...

CVSS 4.3 | AI score 6.8 | EPSS 0.0032
Exploits: 1 | References: 5
Positive Technologies
added 2025/09/08 12:0 a.m., 4 views

PT-2025-36641

simple-admin-core SQL Injection vulnerability in github.com/suyuan32/simple-admin-core...

CVSS 7 | AI score 8 | EPSS 0.00248
Exploits: 1 | References: 6
Positive Technologies
added 2025/09/08 12:0 a.m., 5 views

PT-2025-36655

Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos...

CVSS 5.4 | AI score 5.7 | EPSS 0.00236
Exploits: 1 | References: 6
Positive Technologies
added 2025/09/08 12:0 a.m., 2 views

PT-2025-36648

HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads in github.com/hashicorp/vault...

CVSS 7.5 | AI score 6.9 | EPSS 0.00697
Exploits: 0 | References: 6
HackRead
added 2025/09/07 9:43 p.m., 14 views

Salesloft Drift Breach Traced to GitHub Compromise and Stolen OAuth Tokens

Salesloft Drift breach traced to GitHub compromise and stolen OAuth tokens, Mandiant confirms breach contained and Salesforce data targeted...

AI score 7
Exploits: 0
Circl
added 2025/09/07 6:58 p.m., 4 views

CVE-2022-0429

creationtimestamp | type | source
---|---|---
2025-09-07 18:58:00+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-0429.yaml
2025-09-10 21:02:31+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lyj4ykfqoh2m...

CVSS 6.1 | AI score 5.9 | EPSS 0.01378
Exploits: 2 | References: 2
RedhatCVE
added 2025/09/07 2:32 p.m., 2 views

CVE-2025-58875

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sudar Muthu WP Github Gist wp-github-gist allows Stored XSS. This issue affects WP Github Gist: from n/a through = 0.5...

CVSS 6.5 | AI score 5.9 | EPSS 0.00154
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/07 5:33 a.m., 15 views

CVE-2025-58401

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account...

CVSS 6.8 | AI score 6.6 | EPSS 0.00094
Exploits: 0 | References: 1
HackRead
added 2025/09/06 12:17 p.m., 5 views

GhostAction Attack Steals 3,325 Secrets from GitHub Projects

GhostAction supply chain attack hit 817 GitHub repositories, stealing 3,325 secrets including npm, PyPI, and DockerHub tokens...

AI score 7.1
Exploits: 0
Gitee
added 2025/09/06 12:17 a.m., 83 views

xss

This is a web application for a free online web and mobile security class, Hacker101. The application is built using Jekyll, a static site generator, and is hosted on GitHub Pages. The site provides a variety of resources, including videos, resources, and a CTF (Capture The Flag) section. The...

AI score 7
Exploits: 0
NVD
added 2025/09/05 11:15 p.m., 4 views

CVE-2025-58371

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution (RCE) on the Actions runner...

CVSS 9.9 | EPSS 0.0075
Exploits: 0 | References: 2
Cvelist
added 2025/09/05 10:42 p.m., 7 views

CVE-2025-58371 Roo Code is vulnerable to command injection via GitHub actions workflow

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution (RCE) on the Actions runner...

CVSS 9.9 | EPSS 0.0075
Exploits: 0 | References: 2
CVE
added 2025/09/05 10:42 p.m., 33 views

CVE-2025-58371

CVE-2025-58371 affects Roo Code (versions ≤ 3.26.6). A GitHub workflow used unsanitized pull request metadata in a privileged context, enabling an attacker to craft input that caused Remote Code Execution (RCE) on the Actions runner. The runner’s broad permissions and access to repository secrets...

CVSS 9.9 | AI score 7.5 | EPSS 0.0075
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/09/05 10:42 p.m., 3 views

CVE-2025-58371 Roo Code is vulnerable to command injection via GitHub actions workflow

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution (RCE) on the Actions runner...

CVSS 9.9 | AI score 7.4 | EPSS 0.0075
Exploits: 0 | References: 2
NVD
added 2025/09/05 2:16 p.m., 9 views

CVE-2025-58875

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sudar Muthu WP Github Gist wp-github-gist allows Stored XSS. This issue affects WP Github Gist: from n/a through = 0.5...

CVSS 6.5 | EPSS 0.00154
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/05 1:45 p.m., 3 views

CVE-2025-58875 WordPress WP Github Gist Plugin <= 0.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sudar Muthu WP Github Gist allows Stored XSS. This issue affects WP Github Gist: from n/a through 0.5...

CVSS 6.5 | AI score 5.3 | EPSS 0.00154
Exploits: 0 | References: 1
Cvelist
added 2025/09/05 1:45 p.m., 10 views

CVE-2025-58875 WordPress WP Github Gist Plugin <= 0.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sudar Muthu WP Github Gist wp-github-gist allows Stored XSS. This issue affects WP Github Gist: from n/a through = 0.5...

CVSS 6.5 | EPSS 0.00154
Exploits: 0 | References: 1