Lucene search
K

30 matches found

CVE
CVE
added 2026/06/12 8:22 p.m.19 views

CVE-2026-44780

Summary of CVE-2026-44780 (Discourse) : The flaw arises in the ReviewableQueuedPostSerializer where, for posts arriving via incoming email, payload["raw_email"] was unconditionally included. This allowed category moderation group members in the review queue to access the full inbound email conten...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/12 8:22 p.m.32 views

CVE-2026-44780 Discourse: Category queue reviewers can read raw incoming emails from queued posts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, ReviewableQueuedPostSerializer unconditionally included payload"rawemail" for posts that arrived via incoming email...

4.3CVSS0.00189EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.21 views

PT-2026-48978

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description The ReviewableQueuedPostSerializer unconditionally includes the raw email payload for posts received via incoming email. This allo...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.11 views

CVE-2026-3307

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...

5.3CVSS5.6AI score0.0027EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in RustC

A issue was discovered in the Bidirectional Algorithm in the Unicode Specification through version 14.0. This algorithm allows for the visual reordering of characters through control sequences, which can be used to create source code that implements a logic different from the logical order of...

8.3CVSS7AI score0.12205EPSS
Exploits4References2
EUVD
EUVD
added 2026/04/22 12:31 a.m.6 views

EUVD-2026-24520

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...

5.3CVSS5.9AI score0.0027EPSS
Exploits0References8
NVD
NVD
added 2026/04/21 11:16 p.m.9 views

CVE-2026-3307

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...

5.3CVSS0.0027EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/21 10:23 p.m.34 views

CVE-2026-3307 Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...

5.3CVSS0.0027EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/21 10:23 p.m.4 views

CVE-2026-3307

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...

5.3CVSS5.9AI score0.0027EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/04/21 10:23 p.m.25 views

CVE-2026-3307

GitHub Enterprise Server vulnerability CVE-2026-3307 allows an admin on one repository to modify the secret scanning push protection delegated bypass reviewers for another repository by changing the owner_id in the request body. Authorization is checked against the URL repository, but the action ...

5.3CVSS5.9AI score0.0027EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 10:23 p.m.5 views

CVE-2026-3307 Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...

5.3CVSS5.9AI score0.0027EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.5 views

PT-2026-34196

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the owner id parameter in the request...

5.3CVSS5.9AI score0.0027EPSS
Exploits0References9
HackRead
HackRead
added 2026/02/27 11:16 a.m.7 views

Hackers Use 1Campaign to Hide Malicious Ads From Google Reviewers

Varonis Threat Labs reveals 1Campaign, a platform used to trick Google Ads and hide phishing pages. Learn how this cloaking tool targets real users while evading security...

5.9AI score
Exploits0
Hacker One
Hacker One
added 2026/02/18 7:42 a.m.22 views

GitHub: Cross-repository IDOR in `/settings/security_analysis/bypass_reviewers` allows unauthorized delegated bypass reviewer modification

A vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository. Authorization was verified against the repository in the URL, but the action...

5.3CVSS5.9AI score0.0027EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/02/04 6:15 p.m.11 views

n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS

Impact A Cross-site Scripting XSS vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy CSP sandbox protection intended to isolate HTML responses may not be applied correctly. An authenticated user...

8.5CVSS5.5AI score0.00224EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2025/12/02 6:32 a.m.2 views

Missing Authorization

Overview github-webhook-server is an A webhook server to manage Github repositories and pull requests. Affected versions of this package are vulnerable to Missing Authorization via unsafe loading of OWNERS files from pull-request–controlled repository checkouts. The...

5.4CVSS6.7AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/01/03 12:0 a.m.22 views

GitLab 0.0 < 14.2.6 / 14.3 < 14.3.4 / 14.4 < 14.4.1 (CVE-2021-42574)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft sourc...

8.3CVSS7.7AI score0.12205EPSS
Exploits4References2
Malwarebytes
Malwarebytes
added 2023/07/10 1:0 a.m.13 views

A week in security (July 3 - 9)

Last week on Malwarebytes Labs: How kids pay the price for ransomware attacks on education Solar monitoring systems exposed: Secure your devices Warning issued over vulnerability in cardiac device monitoring software Update Android now! Google patches three actively exploited zero-days Malicious ...

6.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/24 5:12 p.m.5 views

cfsshtunnel (>=0.1.7 <=0.2.1), click-reviewers-tools (>=0.70.0 <=0.84.0) +2 more potentially affected by CVE-2019-15796 via python-apt (=0.7.8)

python-apt PYPI version =0.7.8 is affected by a known vulnerability. The following packages have a transitive dependency on python-apt and may be impacted: - cfsshtunnel =0.1.7, =0.70.0, =0.84.0 - craft-parts =1.19.8 - plex-updater =0.1.0 Source cves: CVE-2019-15796 Source advisory:...

4.7CVSS5.8AI score0.00496EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/24 5:12 p.m.4 views

cfsshtunnel (>=0.1.7 <=0.2.1), click-reviewers-tools (>=0.70.0 <=0.84.0) +2 more potentially affected by CVE-2019-15795 via python-apt (=0.7.8)

python-apt PYPI version =0.7.8 is affected by a known vulnerability. The following packages have a transitive dependency on python-apt and may be impacted: - cfsshtunnel =0.1.7, =0.70.0, =0.84.0 - craft-parts =1.19.8 - plex-updater =0.1.0 Source cves: CVE-2019-15795 Source advisory:...

4.7CVSS5.8AI score0.0044EPSS
Exploits0
Rows per page
Query Builder