163 matches found

Tenable Nessus
added 2025/09/10 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-45329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field. CVE-2021-45329...

CVSS 6.1 · AI score 6 · EPSS 0.00765
Exploits 0 · References 2

Tenable Nessus
added 2025/08/30 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-2235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1....

CVSS 8.7 · AI score 5.5 · EPSS 0.00731
Exploits 0 · References 2

Veracode
added 2025/07/16 5:22 a.m. · 5 views

Cross-Site Scripting (XSS)

roundup is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper sanitization of user-supplied input in URLs when interacting with issue tracker templates devel and responsive, which allows an attacker to inject and execute arbitrary scripts in the context of a user's brows...

CVSS 6.4 · AI score 6 · EPSS 0.00184
Exploits 0 · References 7 · Affected Software 1

RedhatCVE
added 2025/07/15 12:21 a.m. · 6 views

CVE-2025-53865

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates devel and responsive...

CVSS 6.4 · AI score 6.3 · EPSS 0.00184
Exploits 0 · References 1

Github Security Blog
added 2025/07/13 9:30 p.m. · 12 views

Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates devel and responsive...

CVSS 6.4 · AI score 5.7 · EPSS 0.00184
Exploits 0 · References 7 · Affected Software 1

OSV
added 2025/07/13 9:30 p.m. · 6 views

GHSA-QXH9-QMF2-RHWC Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates devel and responsive...

CVSS 6.4 · AI score 5.5 · EPSS 0.00184
Exploits 0 · References 7

PyPA
added 2025/07/13 8:15 p.m. · 9 views

PYSEC-2025-69

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates devel and responsive...

CVSS 6.4 · AI score 6.5 · EPSS 0.00184
Exploits 0 · References 3 · Affected Software 1

Snyk
added 2025/07/13 8:15 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: roundup is a simple-to-use and -install issue-tracking system with command-line, web and e-mail interfaces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the interaction between URLs and issue tracker templates. An attacker can execute arbitrary scripts...

CVSS 6.4 · AI score 5.4 · EPSS 0.00184
Exploits 0 · References 2

OSV
added 2025/07/13 8:15 p.m. · 9 views

PYSEC-2025-69

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates devel and responsive...

CVSS 6.4 · AI score 6.2 · EPSS 0.00184
Exploits 0 · References 3

NVD
added 2025/07/13 8:15 p.m. · 8 views

CVE-2025-53865

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates devel and responsive...

CVSS 6.4 · EPSS 0.00184
Exploits 0 · References 2

OSV
added 2025/07/13 8:15 p.m. · 3 views

UBUNTU-CVE-2025-53865

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates devel and responsive...

CVSS 6.4 · AI score 5.8 · EPSS 0.00184
Exploits 0 · References 4

CVE
added 2025/07/13 12:0 a.m. · 22 views

CVE-2025-53865

Vulnerability details (CVE-2025-53865): Roundup before 2.5.0 is vulnerable to cross-site scripting via the interaction between URLs and issue-tracker templates (devel and responsive). Affected component: Roundup up to version 2.4.x; root cause: XSS caused by URL/template interaction. Practical im...

CVSS 6.4 · AI score 5.9 · EPSS 0.00184
Exploits 0 · References 2

Cvelist
added 2025/07/13 12:0 a.m. · 11 views

CVE-2025-53865

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates devel and responsive...

CVSS 6.4 · EPSS 0.00184
Exploits 0 · References 2

Positive Technologies
added 2025/07/13 12:0 a.m. · 8 views

PT-2025-29382 · Roundup · Roundup

Name of the Vulnerable Software and Affected Versions: Roundup versions prior to 2.5.0 Description: Roundup is susceptible to a cross-site scripting issue. This occurs through the interaction between URLs and issue tracker templates devel and responsive. Recommendations: Update Roundup to version...

CVSS 6.4 · AI score 5.6 · EPSS 0.00184
Exploits 0 · References 16

Vulnrichment
added 2025/07/13 12:0 a.m. · 4 views

CVE-2025-53865

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates devel and responsive...

CVSS 6.4 · AI score 5.9 · EPSS 0.00184
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 4:10 a.m. · 10 views

CVE-2023-39174

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers...

CVSS 7.5 · AI score 6.9 · EPSS 0.01417
Exploits 0

Debian CVE
added 2025/02/26 1:56 a.m. · 9 views

CVE-2022-49264

In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting[1] Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve(2) be the name of a program, thus prohibiting a scenario...

CVSS 5.5 · AI score 5.4 · EPSS 0.00278
Exploits 0

Github Security Blog
added 2024/07/22 5:20 p.m. · 23 views

Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint

Summary: This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to service disruption by triggering an Out Of Memory (OOM) kill. The issue...

CVSS 7.5 · AI score 6.8 · EPSS 0.01392
Exploits 1 · References 7 · Affected Software 2

OSV
added 2024/06/06 7:4 p.m. · 19 views

GHSA-3CQF-953P-H5CP Argo-cd authenticated users can enumerate clusters by name

Impact: It’s possible for authenticated users to enumerate clusters by name by inspecting error messages: $ curl -k 'https://localhost:8080/api/v1/clusters/in-cluster?id.type=name' -H "Authorization: Bearer $token" "error":"permission denied: clusters, get, , sub: alice, iat:...

CVSS 4.3 · AI score 4.3 · EPSS 0.00408
Exploits 0 · References 4

CNVD
added 2024/05/31 12:0 a.m. · 2 views

JetBrains TeamCity Issue Tracker Integrates Cross-Site Scripting Vulnerabilities

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...

CVSS 5.4 · AI score 6.2 · EPSS 0.00267
Exploits 0 · References 1