CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

Packet Storm•added 2025/12/09 12:0 a.m.•138 views

📄 Beego 1.12.3 Directory Traversal / Local File Disclosure

Beego version 1.12.3 suffers from a directory traversal vulnerability that allows for local file disclosure. ============================================================================================================================================= | Title : Beego 1.12.3 Directory Traversal /...

6.8AI score

Exploits0

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-3454

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00235EPSS

Exploits0References4

RedhatCVE•added 2025/05/22 8:43 p.m.•2 views

CVE-2021-39391

Cross Site Scripting XSS vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page...

6.1CVSS6.4AI score0.00241EPSS

Exploits1References1

SUSE CVE•added 2025/04/05 2:24 a.m.•3 views

SUSE CVE-2025-30223

Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting XSS vulnerability exists in Beego's RenderForm function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that...

9.6CVSS5.9AI score0.00451EPSS

Exploits1References3

RedhatCVE•added 2025/04/02 4:37 p.m.•13 views

CVE-2025-30223

9.6CVSS5.9AI score0.00451EPSS

Exploits1References1

NVD•added 2025/03/31 5:15 p.m.•11 views

CVE-2025-30223

9.6CVSS0.00451EPSS

Exploits1References2

Github Security Blog•added 2025/03/31 4:55 p.m.•13 views

Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input

Summary A Cross-Site Scripting XSS vulnerability exists in Beego's RenderForm function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially leading to session hijacking,...

9.6CVSS5.4AI score0.00451EPSS

Exploits1References5Affected Software2

OSV•added 2025/03/31 4:55 p.m.•10 views

GHSA-2J42-H78H-Q4FG Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input

9.3CVSS5.4AI score0.00451EPSS

Exploits1References5

Snyk•added 2025/03/31 4:42 p.m.•1 views

Cross-site Scripting (XSS)

Overview github.com/beego/beego/v2/server/web is an open-source, high-performance, modular, full-stack web framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the renderFormField function in templatefunc.go. If an application is using RenderForm, an attacker...

9.6CVSS5.4AI score0.00451EPSS

Exploits1References2

Vulnrichment•added 2025/03/31 4:17 p.m.•4 views

CVE-2025-30223 Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input

9.3CVSS5.7AI score0.00451EPSS

Exploits1References2

Cvelist•added 2025/03/31 4:17 p.m.•9 views

CVE-2025-30223 Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input

9.3CVSS0.00451EPSS

Exploits1References2

CVE•added 2025/03/31 4:17 p.m.•272 views

CVE-2025-30223

Beego (Go framework) contains an XSS vulnerability in RenderForm() up to version 2.3.5, caused by improper HTML escaping of user-controlled data. This allows injection of attacker-controlled JavaScript in rendered forms, potentially enabling session hijacking, credential theft, or account takeove...

9.6CVSS7.8AI score0.00451EPSS

Exploits1References2Affected Software1

OSV•added 2025/03/31 4:17 p.m.•8 views

CVE-2025-30223 Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input

9.3CVSS6.7AI score0.00451EPSS

Exploits1References4

CNNVD•added 2025/03/31 12:0 a.m.•1 views

Beego 跨站脚本漏洞

Beego is an open source web framework based on the Go language from Beego Open Source. A cross-site scripting vulnerability exists in Beego versions prior to 2.3.6, which stems from a cross-site scripting attack in the RenderForm function that could lead to session hijacking, credential theft, or...

9.6CVSS7AI score0.00451EPSS

Exploits1References3

SUSE CVE•added 2024/12/20 3:48 a.m.•2 views

SUSE CVE-2024-55885

beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256...

7.5CVSS6.9AI score0.00235EPSS

Exploits0References3

NVD•added 2024/12/12 8:15 p.m.•12 views

CVE-2024-55885

7.5CVSS0.00235EPSS

Exploits0References2

Cvelist•added 2024/12/12 7:23 p.m.•16 views

CVE-2024-55885 Beego Vulnerable to Collision Hazards of MD5 in Cache Key Filenames

6.9CVSS0.00235EPSS

Exploits0References2

OSV•added 2024/12/12 7:23 p.m.•7 views

CVE-2024-55885 Beego Vulnerable to Collision Hazards of MD5 in Cache Key Filenames

6.9CVSS7.4AI score0.00235EPSS

Exploits0References4

CVE•added 2024/12/12 7:23 p.m.•55 views

CVE-2024-55885

CVE-2024-55885 affects Beego (Go). Beego versions prior to 2.3.4 use MD5 for hashing; MD5 is insecure against collisions. Beego 2.3.4 replaces MD5 with SHA256. Remediation: upgrade Beego to 2.3.4 or later to mitigate the issue. References indicate this is tied to Beego security advisories and com...

7.5CVSS6.5AI score0.00235EPSS

Exploits0References2Affected Software1

CNNVD•added 2023/04/17 12:0 a.m.•1 views

go-bbs 代码问题漏洞

go-bbs is a switchable template BBS social blogging system based on Beego development. A security vulnerability exists in go-bbs v1, which was discovered via component/api/v1/download and contains an arbitrary file download vulnerability...

8.8CVSS8.2AI score0.00335EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by