CVE-2026-8606

A Server-Side Request Forgery (SSRF) in GitHub Enterprise Server was exposed via the security advisories package lookup endpoint, allowing an attacker to issue HTTP requests to internal services. By directing requests to an internal management service and measuring response timing, an attacker co...

CVE-2026-8606 Server-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL Endpoint

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

Malicious code in qaq-core-util-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41cf368bbc06ee2a9e0d2a9b2030d7604a41af7ed5fed253d48a0d9ff41f92f6 lib/memcached.js exports getCacheRedis, getCacheDataRedis, and setCacheRedis. Each function's signature accepts a cachedUrl parameter, but the...

Patch Where it Hurts: Effective Vulnerability Management in 2023

A recently published Security Navigator report data shows that businesses are still taking 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally takes more than 6 months to patch. Good vulnerability management is not about being fast enough in patching all...

GHSA-9VP3-7QWQ-83R9 Server-Side Request Forgery in FUXA

A Server-Side Request Forgery SSRF attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server...

FUXA 代码问题漏洞

FUXA is an open source web-based process visualization SCADA/HMI/Dashboard software. A security vulnerability exists in FUXA 1.1.3 that originates from obtaining sensitive information from the server's internal environment and services, which could typically lead to an attacker executing commands...

CVE-2021-41590

In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify th...

Buyer's Guide for Securing Internal Environment with a Small Cybersecurity Team

Ensuring the cybersecurity of your internal environment when you have a small security team is challenging. If you want to maintain the highest security level with a small team, your strategy has to be 'do more with less,' and with the right technology, you can leverage your team and protect your...

IBM API Connect Information Disclosure Vulnerability (CNVD-2018-09244)

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect. An attacker can exploit the vulnerability to gai...

CVE-2018-1468

IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399...

CVE-2018-1468

IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399...

Code injection

IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399...