Lucene search
+L

218 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-54186

Malicious code in bioql PyPI...

7.6CVSS5.8AI score0.0053EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-32572

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00468EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-4201

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00325EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-2071

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00245EPSS
Exploits0References2
Hacker One
Hacker One
added 2025/09/03 9:6 p.m.9 views

Mozilla: User Can Delete Other Users' Personal Access Tokens at /delete-token/{token_id}/ on Mozilla Pontoon

A vulnerability was discovered in the Mozilla Pontoon application that allowed users to delete other users' personal access tokens at the /delete-token/tokenid/ endpoint without proper permission checks. The vulnerability was caused by the absence of user permission verification in the deletetoke...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-8114

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an...

8.8CVSS5.5AI score0.00684EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-12379

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an...

6.5CVSS5.5AI score0.00489EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/08/13 11:3 p.m.18 views

m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials

Summary The steam-workshop-deploy github action does not exclude the .git directory when packaging content for deployment and provides no built-in way to do so. If a .git folder exists in the target directory e.g., due to a local Git repo, custom project structure, or via the actions/checkout...

7.2AI score
Exploits0References6Affected Software2
OSV
OSV
added 2025/08/13 11:3 p.m.5 views

GHSA-X6GV-2RVH-QMP6 m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials

Summary The steam-workshop-deploy github action does not exclude the .git directory when packaging content for deployment and provides no built-in way to do so. If a .git folder exists in the target directory e.g., due to a local Git repo, custom project structure, or via the actions/checkout...

10CVSS7.2AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/13 12:0 a.m.2 views

PT-2025-34541 · Github Actions · Boldestdungeon/Steam-Workshop-Deploy +1

Summary The steam-workshop-deploy github action does not exclude the .git directory when packaging content for deployment and provides no built-in way to do so. If a .git folder exists in the target directory e.g., due to a local Git repo, custom project structure, or via the actions/checkout...

10CVSS7.3AI score
Exploits0References6
Packet Storm News
Packet Storm News
added 2025/07/16 12:0 a.m.4 views

gimmePATz - GitHub Personal Access Token (PAT) Recon Tool 1.0.0

gimmePatz is a recon tool for GitHub PATs. Designed for bug bounty hunters, pentesters and red teams. gimmePatz will tell you what scopes a PAT has, and it will tell you what repositories or GitHub Organizations the PAT is attached to as well...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/07/11 9:28 p.m.12 views

CVE-2025-53624

The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...

10CVSS6.9AI score0.01842EPSS
Exploits0References1
Veracode
Veracode
added 2025/07/11 4:50 a.m.6 views

Sensitive Information Exposure

docusaurus-plugin-content-gists is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of configuration options that include GitHub Personal Access Tokens, which are inadvertently embedded into client-side JavaScript bundles during the production build,...

10CVSS6AI score0.01842EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/07/09 10:40 p.m.32 views

GHSA-QF34-QPR4-5PPH docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token

GitHub Personal Access Token Exposure in docusaurus-plugin-content-gists Summary docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for...

10CVSS6.1AI score0.01842EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/07/09 9:8 p.m.2 views

CVE-2025-53624 docusaurus-plugin-content-gists Exposes GitHub Personal Access Token

The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...

10CVSS6.8AI score0.01842EPSS
Exploits0References2
CVE
CVE
added 2025/07/09 9:8 p.m.69 views

CVE-2025-53624

The CVE-2025-53624 entry concerns the Docusaurus plugin docusaurus-plugin-content-gists. Versions prior to 4.0.0 are vulnerable because a GitHub Personal Access Token passed via plugin configuration could be exposed in production build artifacts, embedding the token in client-side JavaScript bund...

10CVSS6.2AI score0.01842EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/09 9:8 p.m.197 views

CVE-2025-53624 docusaurus-plugin-content-gists Exposes GitHub Personal Access Token

The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...

10CVSS0.01842EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/07/04 2:43 p.m.5 views

SUSE CVE-2025-3230

Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previous...

5.4CVSS6.9AI score0.00187EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/06 12:0 a.m.17 views

Mattermost Server 9.11.x < 9.11.13 / 10.5.x < 10.5.4 / 10.6.x < 10.6.3 / 10.7.1 Multiple Vulnerabilities (MMSA-2025-00458, MMSA-2025-00463, MMSA-2025-00467)

The version of Mattermost Server installed on the remote host is prior to 9.11.13, 10.5.4, 10.6.3, or 10.7.0. It is, therefore, affected by multiple vulnerabilities as referenced in the MMSA-2025-00458, MMSA-2025-00463, MMSA-2025-00467 advisories. - Mattermost versions 10.7.x = 10.7.0, 10.6.x =...

5.4CVSS5.6AI score0.00265EPSS
Exploits0References4
Snyk
Snyk
added 2025/06/03 5:58 p.m.2 views

Incorrect Implementation of Authentication Algorithm

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm. due to the improper invalidation of personal access tokens. An attacker can maintain access...

7.6CVSS6.9AI score0.00187EPSS
Exploits0References3
Rows per page
Query Builder