| 2011 | 7.5 HIGH | Network | prometheus | prometheus | Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/a… | CWE-200 Information Exposure; CWE-312 Cleartext Storage of Sensitive Information | CVE-2026-42151 | 2026-05-12 02:22 | 2026-05-5 |
| 2012 | 6.5 MEDIUM | Network | github | enterprise_server | An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity p… | CWE-306 Missing Authentication for Critical Function | CVE-2026-6736 | 2026-05-12 02:20 | 2026-05-8 |
| 2013 | 9.9 CRITICAL | Network | mozilla | 0din_scanner | ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomati… | CWE-94 Code Injection | CVE-2026-41512 | 2026-05-12 02:20 | 2026-05-8 |
| 2014 | 7.5 HIGH | Network | github | enterprise_server | A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON p… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-7541 | 2026-05-12 02:19 | 2026-05-8 |
| 2015 | 9.8 CRITICAL | Network | github | enterprise_server | A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusi… | CWE-436 Interpretation Conflict; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-8034 | 2026-05-12 02:18 | 2026-05-8 |
| 2016 | 6.1 MEDIUM | Network | github | enterprise_server | A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirect_to query parameter on the /setup/… | CWE-79 Cross-site Scripting | CVE-2026-8106 | 2026-05-12 02:12 | 2026-05-8 |
| 2017 | 7.2 HIGH | Network | tenda | ac6_firmware | A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip lea… | CWE-77 Command Injection; CWE-78 OS Command | CVE-2026-8259 | 2026-05-12 02:07 | 2026-05-11 |
| 2018 | 8.8 HIGH | Network | tenda | ac6_firmware | A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation … | CWE-77 Command Injection; CWE-78 OS Command | CVE-2026-8264 | 2026-05-12 02:04 | 2026-05-11 |
| 2019 | 7.2 HIGH | Network | tenda | ac6_firmware | A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the… | CWE-77 Command Injection; CWE-78 OS Command | CVE-2026-8265 | 2026-05-12 02:03 | 2026-05-11 |
| 2020 | 5.4 MEDIUM | Network | weblate | weblate | Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via "cycle_session_keys()", but DRF API tokens ("wlu_… | CWE-613 Insufficient Session Expiration | CVE-2026-41519 | 2026-05-12 02:00 | 2026-05-8 |