GitHub vendor CVEs (VYPR)

All CVEs

201 total · sorted by risk
  • CVE-2017-17632 · Critical · Dec 13, 2017
    risk 0.67 · cvss 9.8 · epss 0.02

    Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.

  • CVE-2024-46627 · Critical · Sep 26, 2024
    risk 0.66 · cvss 9.1 · epss 0.04

    Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.

  • CVE-2026-8034 · Critical · May 7, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname…

  • CVE-2024-25825 · Critical · Oct 9, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password.

  • CVE-2018-18075 · Critical · Oct 9, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter.

  • CVE-2017-18215 · Critical · Mar 5, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value.

  • CVE-2026-5845 · Critical · Apr 21, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an…

  • CVE-2026-44451 · Critical · May 26, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator…

  • CVE-2026-5921 · High · Apr 21, 2026
    risk 0.58 · cvss 8.9 · epss 0.00

    A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was…

  • CVE-2026-41109 · High · May 12, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-4296 · High · Apr 21, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious…

  • CVE-2026-3854 · High · Mar 10, 2026
    risk 0.57 · cvss 8.8 · epss 0.24

    An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were…

  • CVE-2024-43653 · High · Jan 9, 2025
    risk 0.57 · cvss 8.8 · epss 0.02

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – The binary does not…

  • CVE-2024-43649 · High · Jan 9, 2025
    risk 0.57 · cvss 8.8 · epss 0.02

    Authenticated command injection in the filename of a .exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command…

  • CVE-2026-4931 · High · Apr 7, 2026
    risk 0.56 · cvss 8.6 · epss 0.00

    Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost.

  • CVE-2025-53367 · High · Jul 3, 2025
    risk 0.55 · cvss · epss 0.01

    DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the…

  • CVE-2026-9312 · High · May 27, 2026
    risk 0.53 · cvss 8.2 · epss 0.07

    A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insufficient input validation in an upload endpoint. By injecting path traversal…

  • CVE-2025-71216 · High · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2026-34676 · High · May 12, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2018-10778 · High · May 7, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and…

  • CVE-2024-42018 · High · Oct 11, 2024
    risk 0.50 · cvss 7.7 · epss 0.00

    An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved from management nodes. These parameters embed credentials whose integrity and confidentiality may be important to the security of the HPC…

  • CVE-2026-7541 · High · May 7, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled…

  • CVE-2018-12025 · High · Jun 11, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment - if the input value is…

  • CVE-2012-2055 · High · Apr 5, 2012
    risk 0.49 · cvss 7.5 · epss 0.02

    GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment"…

  • CVE-2026-5435 · High · Apr 28, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.

  • CVE-2024-50967 · Medium · Jan 17, 2025
    risk 0.46 · cvss 6.5 · epss 0.02

    The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information.

  • CVE-2024-6880 · Medium · Jan 10, 2025
    risk 0.45 · cvss · epss 0.00

    During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses that path, allowing an…

  • CVE-2026-45033 · High · May 13, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution…

  • CVE-2026-29783 · High · Mar 6, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent (e.g., via prompt injection through repository…

  • CVE-2026-6736 · Medium · May 7, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not…

  • CVE-2026-1999 · Medium · Feb 18, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enable_auto_merge mutation for pull requests.…

  • CVE-2026-48501 · High · May 29, 2026
    risk 0.41 · cvss 7.4 · epss 0.00

    GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP…

  • CVE-2026-8106 · Medium · May 7, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirect_to query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper…

  • CVE-2017-12856 · Medium · Aug 29, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php.

  • CVE-2025-24362 · High · Jan 24, 2025
    risk 0.39 · cvss · epss 0.01

    In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to…

  • CVE-2026-8606 · Medium · May 27, 2026
    risk 0.38 · cvss 5.9 · epss 0.00

    A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal…

  • CVE-2024-54090 · Medium · Feb 11, 2025
    risk 0.38 · cvss 5.9 · epss 0.00

    A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain an out-of-bounds read in the memory dump function. This could allow an attacker…

  • CVE-2026-23653 · Medium · Apr 14, 2026
    risk 0.37 · cvss 5.7 · epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.

  • CVE-2025-23040 · Medium · Jan 15, 2025
    risk 0.36 · cvss 6.6 · epss 0.01

    GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL.…

  • CVE-2025-1595 · Medium · Feb 23, 2025
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified as problematic. This vulnerability affects unknown code of the file /api/v1/getbaseconfig. The manipulation leads to information disclosure. The attack can be initiated…

  • CVE-2026-5512 · Medium · Apr 21, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and…

  • CVE-2018-15982 · KEV · Jan 18, 2019
    risk 0.28 · cvss · epss 0.82

    Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2026-3307 · Low · Apr 21, 2026
    risk 0.18 · cvss 2.7 · epss 0.00

    An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the owner_id parameter…

  • CVE-2026-45803 · Low · May 15, 2026
    risk 0.16 · cvss 3.5 · epss 0.00

    `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view…

  • CVE-2025-48064 · Low · May 21, 2025
    risk 0.14 · cvss 3.3 · epss 0.00

    GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to…

  • CVE-2024-0507 · Jan 16, 2024
    risk 0.06 · cvss · epss 0.66

    An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3,…

  • CVE-2024-0200 · Jan 16, 2024
    risk 0.06 · cvss · epss 0.72

    An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged…

  • CVE-2017-18365 · Mar 28, 2019
    risk 0.06 · cvss · epss 0.21

    The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code.…

  • CVE-2018-19753 · Dec 5, 2018
    risk 0.06 · cvss · epss 0.17

    Tarantella Enterprise before 3.11 allows Directory Traversal.

  • CVE-2024-9487 · Oct 10, 2024
    risk 0.04 · cvss · epss 0.22

    An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted…

Page 1 of 5