27 matches found
CVE-2026-3307
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...
Astra Linux - уязвимость в rustc
A issue was discovered in the Bidirectional Algorithm in the Unicode Specification through version 14.0. This algorithm allows for the visual reordering of characters through control sequences, which can be used to create source code that implements logic different from the logical order of token...
EUVD-2026-24520
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...
CVE-2026-3307
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...
CVE-2026-3307 Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...
CVE-2026-3307
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...
CVE-2026-3307 Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...
CVE-2026-3307
GitHub Enterprise Server vulnerability CVE-2026-3307 allows an admin on one repository to modify the secret scanning push protection delegated bypass reviewers for another repository by changing the owner_id in the request body. Authorization is checked against the URL repository, but the action ...
PT-2026-34196
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the owner id parameter in the request...
Hackers Use 1Campaign to Hide Malicious Ads From Google Reviewers
Varonis Threat Labs reveals 1Campaign, a platform used to trick Google Ads and hide phishing pages. Learn how this cloaking tool targets real users while evading security...
GitHub: Cross-repository IDOR in `/settings/security_analysis/bypass_reviewers` allows unauthorized delegated bypass reviewer modification
A vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository. Authorization was verified against the repository in the URL, but the action...
n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS
Impact A Cross-site Scripting XSS vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy CSP sandbox protection intended to isolate HTML responses may not be applied correctly. An authenticated user...
Missing Authorization
Overview github-webhook-server is an A webhook server to manage Github repositories and pull requests. Affected versions of this package are vulnerable to Missing Authorization via unsafe loading of OWNERS files from pull-request–controlled repository checkouts. The...
GitLab 0.0 < 14.2.6 / 14.3 < 14.3.4 / 14.4 < 14.4.1 (CVE-2021-42574)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft sourc...
A week in security (July 3 - 9)
Last week on Malwarebytes Labs: How kids pay the price for ransomware attacks on education Solar monitoring systems exposed: Secure your devices Warning issued over vulnerability in cardiac device monitoring software Update Android now! Google patches three actively exploited zero-days Malicious ...
cfsshtunnel (>=0.1.7 <=0.2.1), click-reviewers-tools (>=0.70.0 <=0.84.0) +2 more potentially affected by CVE-2019-15796 via python-apt (=0.7.8)
python-apt PYPI version =0.7.8 is affected by a known vulnerability. The following packages have a transitive dependency on python-apt and may be impacted: - cfsshtunnel =0.1.7, =0.70.0, =0.84.0 - craft-parts =1.19.8 - plex-updater =0.1.0 Source cves: CVE-2019-15796 Source advisory:...
cfsshtunnel (>=0.1.7 <=0.2.1), click-reviewers-tools (>=0.70.0 <=0.84.0) +2 more potentially affected by CVE-2019-15795 via python-apt (=0.7.8)
python-apt PYPI version =0.7.8 is affected by a known vulnerability. The following packages have a transitive dependency on python-apt and may be impacted: - cfsshtunnel =0.1.7, =0.70.0, =0.84.0 - craft-parts =1.19.8 - plex-updater =0.1.0 Source cves: CVE-2019-15795 Source advisory:...
Dart has an unspecified vulnerability
Dart is an open source programming language. A security vulnerability exists in the Dart SDK, which could be exploited by an attacker to embed source code that is not visible to code reviewers to modify the behavior of the program in unexpected ways...
environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...
CVE-2021-42574
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...