Improper Preservation Of Permissions
github.com/authzed/spicedb is vulnerable to Improper Preservation Of Permissions. The vulnerability is due to a failure in the exclusion dispatcher to request all the folders in which the user is a member, leading to an incorrect NOPERMISSION response when the user should have permission...
CVE-2024-5746
A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...
GO-2024-2922 Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium
Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium...
GO-2024-2923 Vulnerabilities with the k8sGPT in github.com/k8sgpt-ai/k8sgpt
Vulnerabilities with the k8sGPT in github.com/k8sgpt-ai/k8sgpt...
GHSA-RVJ4-Q8Q5-8GRF ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability
Impact There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability. References - CVE-2024-35255 Patches - https://github.com/traefik/traefik/releases/tag/v2.11.5 - https://github.com/traefik/traefik/releases/tag/v3.0.3 Workarounds...
CVE-2023-49113
The CVE-2023-49113 issue concerns Kiuwan SAST and Kiuwan Local Analyzer (KLA). The vulnerability is a data leakage risk caused by hard-coded secrets found in JARs: InsightServicesConfig.properties contains insight.github.user and insight.github.password, and Encryptor.properties includes the encr...
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
Un Hacker En Capital Welcome to my GitHub repository!...
CVE-2024-36115
CVE-2024-36115 affects Reposilite (v3.5.10 and prior) where artifact content served in the browser can execute JavaScript within the same origin, enabling stored XSS that can access token-secret from localStorage. This can lead to full compromise of the Reposilite instance and, in worst cases, re...
UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying
The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments. "Persistence mechanisms encompassed...
CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder
Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...
CVE-2024-37904
CVE-2024-37904 affects Minder’s Git provider, which can be DoS’d by cloning a large or malicious repository into memory via go-git/go-git/v5. The root cause is that user-controlled Git URLs are cloned without a repository size limit and the entire repo is loaded into memory, enabling memory exhau...
Cooked – Recipe Management <= Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Cooked – Recipe Management recipe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipesettingsposttitle parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows...
container-tools:ol8 bug fix and enhancement update
aardvark-dns 2:1.10.0-1 - update to https://github.com/containers/aardvark-dns/releases/tag/v1.10.0 - Related: Jira:RHEL-2110 2:1.9.0-1 - update to https://github.com/containers/aardvark-dns/releases/tag/v1.9.0 - Related: Jira:RHEL-2110 2:1.8.0-1 - update to...
Privilege Escalation
github.com/dnscrypt/dnscrypt-proxy is vulnerable to Privilege escalation. The vulnerability is caused by insecure file permissions on the dnscrypt-proxy executable, which allows non-privileged users to overwrite it with malicious code, leading to potential privilege escalation to root when the...
GO-2024-2906 CVE-2024-5138 in github.com/snapcore/snapd
CVE-2024-5138 in github.com/snapcore/snapd...
GO-2024-2915 Open Redirect URL in Harbor in github.com/goharbor/harbor
Open Redirect URL in Harbor in github.com/goharbor/harbor...
GO-2024-2911 go-grpc-compression has a zstd decompression bombing vulnerability in github.com/mostynb/go-grpc-compression
go-grpc-compression has a zstd decompression bombing vulnerability in github.com/mostynb/go-grpc-compression...
GO-2024-2907 Files or Directories Accessible to External Parties in ProjectDiscovery in github.com/projectdiscovery/interactsh
Files or Directories Accessible to External Parties in ProjectDiscovery in github.com/projectdiscovery/interactsh...
GO-2024-2919 malicious container creates symlink "mtab" on the host External in github.com/cri-o/cri-o
malicious container creates symlink "mtab" on the host External in github.com/cri-o/cri-o...