CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

120 matches found

Packet Storm•added 2026/06/12 12:0 a.m.•55 views

📄 Gogs 0.14.2 Argument Injection

Proof of concept exploit for an argument injection vulnerability in Gogs versions 0.14.2 and below and versions 0.15.0+dev and below. ================================================================================================================================== | Title : Gogs Git Rebase Argume...

5.3AI score

Exploits0

Vulnrichment•added 2026/06/08 6:38 p.m.•6 views

CVE-2026-11393 Code injection via improper triple-quote escaping in AgentCore CLI Bedrock Agent import

Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of anothe...

9CVSS6.3AI score0.0034EPSS

Exploits0References5

ATTACKERKB•added 2026/06/08 6:38 p.m.•5 views

CVE-2026-11393

9CVSS6.3AI score0.0034EPSS

Exploits0References6Affected Software1

Positive Technologies•added 2026/06/08 12:0 a.m.•7 views

PT-2026-47432

Name of the Vulnerable Software and Affected Versions AgentCore CLI versions prior to 0.14.2 Description Improper neutralization of triple-quote characters during Python code generation allows an authenticated remote actor to execute arbitrary code. This occurs when a crafted...

9CVSS6.2AI score0.0034EPSS

Exploits0References9

vulnersOsv•added 2026/05/11 2:28 p.m.•4 views

bsky2llm (=0.1.0), downitall-android (=1.5.0) +14 more potentially affected by CVE-2026-44353 via streamlink (>=0.14.2 <=8.0.0)

streamlink PYPI version =0.14.2, =0.3.0, =0.0.1, =0.0.18, =1.0.0, =0.12.0, =0.1.14, =1.1.0, =0.0.1, =2.1.0, =3.4.0b2 - twitch-fapi-backend =0.1.0 and more Source cves: CVE-2026-44353 Source advisory: OSV:GHSA-HGQW-6M45-HW5F...

6.5CVSS5.4AI score0.00298EPSS

Exploits1

SUSE CVE•added 2026/03/25 12:27 a.m.•4 views

SUSE CVE-2026-26022

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, a stored cross-site scripting XSS vulnerability exists in the comment and issue description functionality. The application's HTML sanitizer explicitly allows data: URI schemes, enabling authenticated users to inject arbitrar...

8.7CVSS6AI score0.00306EPSS

Exploits1References3

SUSE CVE•added 2026/03/25 12:27 a.m.•3 views

SUSE CVE-2026-26194

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...

8.8CVSS5.7AI score0.00297EPSS

Exploits1References3

SUSE CVE•added 2026/03/25 12:27 a.m.•2 views

SUSE CVE-2026-26195

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data urls. This issue has been patched in version 0.14.2...

6.9CVSS5.7AI score0.00189EPSS

Exploits0References3

SUSE CVE•added 2026/03/25 12:27 a.m.•5 views

SUSE CVE-2026-26276

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository's Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS5.8AI score0.00184EPSS

Exploits0References3

Cvelist•added 2026/03/11 5:49 p.m.•23 views

CVE-2026-31866 Allocation of Resources Without Limits or Throttling in flagd

flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2, flagd exposes OFREP /ofrep/v1/evaluate/... and gRPC evaluation.v1, evaluation.v2 endpoints for feature flag evaluation. These endpoints are designed to be publicly accessible by client applications. The evaluation context...

7.5CVSS0.0042EPSS

Exploits0References2

Vulnrichment•added 2026/03/11 5:49 p.m.•0 views

CVE-2026-31866 Allocation of Resources Without Limits or Throttling in flagd

7.5CVSS5.7AI score0.0042EPSS

Exploits0References2

CVE•added 2026/03/11 5:49 p.m.•7 views

CVE-2026-31866

CVE-2026-31866 affects the flagd feature flag daemon (prior to v0.14.2). The vulnerability is that the evaluation endpoints (OFREP /ofrep/v1/evaluate/… and gRPC evaluation.v1/v2) accept request bodies with no size limit, reading the evaluation context into memory and enabling an attacker to send ...

7.5CVSS5.7AI score0.0042EPSS

Exploits0References2Affected Software1