Browse 114+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI POC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5845 | Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server | GitHub | Enterprise Server | - | - | 2026-04-21 22:42:13 | Deep Dive |
| CVE-2026-3307 | Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers | GitHub | Enterprise Server | - | - | 2026-04-21 22:23:25 | Deep Dive |
| CVE-2026-5512 | Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API | GitHub | Enterprise Server | - | - | 2026-04-21 22:12:58 | Deep Dive |
| CVE-2026-4296 | Incorrect Regular Expression vulnerability in GitHub Enterprise Server allowed unauthorized access to user accounts via OAuth callback URL validation bypass | GitHub | Enterprise Server | - | - | 2026-04-21 22:12:45 | Deep Dive |
| CVE-2026-4821 | Proxy configuration command injection vulnerability found in GitHub Enterprise Server Management Console configuration API | GitHub | Enterprise Server | - | - | 2026-04-21 22:12:27 | Deep Dive |
| CVE-2026-5921 | Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack | GitHub | Enterprise Server | - | - | 2026-04-21 22:11:02 | Deep Dive |
| CVE-2026-3582 | Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope | GitHub | Enterprise Server | - | - | 2026-03-10 18:56:57 | Deep Dive |
| CVE-2026-2266 | Improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting via task list content and enabled arbitrary HTML injection | GitHub | Enterprise Server | - | - | 2026-03-10 18:55:39 | Deep Dive |
| CVE-2026-3306 | Improper authorization in GitHub Projects allows modification of issue and pull request metadata without repository write access | GitHub | Enterprise Server | - | - | 2026-03-10 17:46:57 | Deep Dive |
| CVE-2026-3854 | Remote code execution via git push option injection in GitHub Enterprise Server | GitHub | Enterprise Server | - | - | 2026-03-10 17:37:35 | Deep Dive |
| CVE-2026-1999 | Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized merging of pull requests | GitHub | Enterprise Server | Medium | - | 2026-02-18 20:44:51 | Deep Dive |
| CVE-2026-1355 | Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Repository Migration Exports | GitHub | Enterprise Server | Medium | - | 2026-02-18 20:42:07 | Deep Dive |
| CVE-2026-0573 | Improper Handling of HTTP Redirects vulnerability was identified in GitHub Enterprise Server that allowed leaking of authorization token and enabled remote code execution | GitHub | Enterprise Server | Critical | - | 2026-02-18 20:37:40 | Deep Dive |
| CVE-2025-13744 | Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed rendering of malicious HTML | GitHub | Enterprise Server | Medium | - | 2026-01-06 20:44:03 | Deep Dive |
| CVE-2025-14046 | Insufficient HTML Sanitization Allows User-Controlled DOM Elements to Overwrite Server-Initialized Data Islands and Trigger Unintended Server-Side POST Requests | GitHub | Enterprise Server | - | - | 2025-12-11 17:52:05 | Deep Dive |
| CVE-2025-11578 | Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation | GitHub | Enterprise Server | Medium | - | 2025-11-10 22:44:33 | Deep Dive |
| CVE-2025-11892 | DOM-based Cross-Site Scripting was identified in GitHub Enterprise Server Issues search allows privilege escalation and unauthorized workflow triggers | GitHub | Enterprise Server | High | - | 2025-11-10 22:43:42 | Deep Dive |
| CVE-2025-8447 | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed read-only access | GitHub | Enterprise Server | - | - | 2025-08-26 01:42:37 | Deep Dive |
| CVE-2025-6981 | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized read-only access | GitHub | Enterprise Server | - | - | 2025-07-15 20:44:30 | Deep Dive |
| CVE-2025-6600 | GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Search API | GitHub | GitHub Enterprise Server | - | - | 2025-07-01 18:56:46 | Deep Dive |