29878 matches found
GHSA-FR2G-FCJJ-V8HC vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-vmware, linux-qemu-rc...
GHSA-3PVJ-Q7QJ-89FG vulnerabilities
Vulnerabilities for packages: libssh2, libssh...
CVE-2025-10157

| creationtimestamp | type | source |
|---|---|---|
| 2025-09-10 17:15:33+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-f7qq-56ww-84cr... |

GHSA-RRJV-57MM-J6CM vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-GCF6-VGCR-474F vulnerabilities
Vulnerabilities for packages: nodejs...
Linux Distros Unpatched Vulnerability : CVE-2020-7664
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or...
Linux Distros Unpatched Vulnerability : CVE-2022-2060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. CVE-2022-2060 Note that Nessus relies on the presence of the package as...
Phish-Blitz: Advancing Phishing Detection with Comprehensive Webpage Resource Collection and Visual Integrity Preservation
Phishing attacks are increasingly prevalent, with adversaries creating deceptive webpages to steal sensitive information. Despite advancements in machine learning and deep learning for phishing detection, attackers constantly develop new tactics to bypass detection models. As a result, phishing...
Linux Distros Unpatched Vulnerability : CVE-2022-3873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2. CVE-2022-3873 Note that Nessus relies on the presence of the package as...
CVE-2025-58763
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with administrative privileges to obtain remote code execution on the application server. This vulnerability requires the application to...
CVE-2025-58763
Tautulli (Python-based Plex monitoring) has a command-injection vulnerability affecting v2.15.3 and earlier. The flaw arises when cloning from GitHub and installing manually, where the update/version logic calls runGit via subprocess.Popen with shell=True. The checkout_git_branch path stores un s...
CVE-2025-58763 Tautulli vulnerable to Authenticated Remote Code Execution via Command Injection
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with administrative privileges to obtain remote code execution on the application server. This vulnerability requires the application to...
CVE-2025-54908

| creationtimestamp | type | source |
|---|---|---|
| 2025-09-09 16:23:23+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2025-0278 |
| 2025-09-09 17:06:15+00:00 | seen | https://www.thezdi.com/blog/2025/9/9/the-september-2025-security-update-review |
| 2025-09-09 17:40:08+00:00 | seen | ... |

keeshond_editor (>=0.1.0 <=0.13.0), keeshond_migrator (>=0.1.0 <=0.1.1) +2 more potentially affected by unknown CVE via toodee (>=0.2.4 <=0.3.0)
toodee CARGO version =0.2.4, =0.1.0, =0.1.0, =0.10.0, =0.13.0 Source cves: unknown CVE Source advisory: OSV:GHSA-PFP7-VXGR-83PW...
CVE-2025-10109

| creationtimestamp | type | source |
|---|---|---|
| 2025-09-09 10:14:27+00:00 | seen | https://gist.github.com/Darkcrai86/fd2fe6ea20ccb37f56e3bdc9b171c8e7... |

CVE-2024-33326

| creationtimestamp | type | source |
|---|---|---|
| 2025-09-09 09:16:31+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-33326.yaml |
| 2025-09-10 21:02:32+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lyj4ykkqt227 |
| 2025-09-27... | | |

BIT-JUPYTERLAB-2024-39700 Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action
JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...
Arbitrary Code Injection
Overview: simstudio is a Sim Studio CLI - Run Sim Studio with a single command. Affected versions of this package are vulnerable to Arbitrary Code Injection via the route.ts function. An attacker can execute arbitrary code by supplying crafted input to the code argument. Remediation: A fix was pushe...
GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed the Salesloft GitHub account from March through...