Lucene search
K

4 matches found

CVE
CVE
added 2026/05/07 9:18 p.m.32 views

CVE-2026-8034

CVE-2026-8034 is a server-side request forgery (SSRF) vulnerability in the GitHub Enterprise Server notebook viewer. The issue stems from URL parser confusion between the validation layer and the HTTP request library, where hostname validation uses a different parser than the request library, all...

9.8CVSS5.8AI score0.00377EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/07 9:18 p.m.6 views

CVE-2026-8034

A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...

7.9CVSS5.8AI score0.00377EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/07 9:18 p.m.74 views

CVE-2026-8034 Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion

A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...

7.9CVSS0.00377EPSS
Exploits0References5
Hacker One
Hacker One
added 2022/07/01 5:1 a.m.90 views

Glassdoor: Web Cache Poisoning leads to XSS and DoS

@nokline and @bombon were able to utilize URL parser confusion in combination with reflected XSS under https://glassdoor.com/Job/ and https://glassdoor.com/mz-survey/interview/collectQuestionsinput.htm/ by caching XSS payloads via cookie and header params into a stored XSS for URLs /Award/ and...

6.2AI score
Exploits0
Rows per page
Query Builder