
7 matches found

NVD
added 2026/03/10 5:40 p.m. | 5 views

CVE-2026-30920

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the...

CVSS 8.6 | EPSS 0.00011
Exploits: 1 | References: 1
Github Security Blog
added 2026/03/09 5:29 p.m. | 5 views

OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

Summary: OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the target project. This allows an attacker to overwrite another project's GitHub A...

CVSS 8.6 | AI score 5.9 | EPSS 0.00011
Exploits: 1 | References: 10 | Affected Software: 1
OSV
added 2026/03/09 5:29 p.m. | 1 view

GHSA-656W-6F6C-M9R6: OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

Summary: OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the target project. This allows an attacker to overwrite another project's GitHub A...

CVSS 8.6 | AI score 5.9 | EPSS 0.00011
Exploits: 1 | References: 10
CVE
added 2025/12/19 12:0 a.m. | 9 views

CVE-2025-67844

The Mintlify Platform’s GitHub Integration API (pre-2025-11-15) fails to validate that configured repository owner/name belong to the user’s GitHub App Installation ID, enabling disclosure of sensitive repository metadata. Multiple sources corroborate the issue and cite the same root cause in the...

CVSS 5 | AI score 6.4 | EPSS 0.00054
Exploits: 1 | References: 4 | Affected Software: 1
EUVD
added 2025/12/19 12:0 a.m. | 2 views

EUVD-2025-204426

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...

CVSS 5 | AI score 6.3 | EPSS 0.00054
Exploits: 1 | References: 5
Vulnrichment
added 2025/12/19 12:0 a.m. | 2 views

CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...

CVSS 5 | AI score 6.4 | EPSS 0.00054
Exploits: 1 | References: 4
Securelist
added 2017/06/28 6:51 p.m. | 39 views

ExPetr/Petya/NotPetya is a Wiper, Not Ransomware

After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims' disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial...

AI score 6.7
Exploits: 0