5 matches found
CVE-2025-62364 text-generation-webui allows arbitrary file read via symbolic link upload
text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the...
Linux Distros Unpatched Vulnerability : CVE-2023-38403
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. CVE-2023-38403 Note that Nessus relies on the...
CVE-2024-8810
A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This vulnerability affected all versions of GitHu...
CVE-2024-6800
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise...
PT-2024-37178 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14; GitHub Enterprise Server version 3.9.17; GitHub Enterprise Server version 3.10.14; GitHub Enterprise Server version 3.11.12; GitHub Enterprise Server version 3.12.6; GitHub Enterprise Server version...