CVE-2026-40938

The CVE concerns Tekton Pipelines’ git resolver (1.0.0–1.10.x) where the revision parameter is passed to git fetch as a positional argument without validating it does not start with a dash. An attacker can inject git fetch flags (e.g., --upload-pack=) because git treats mixed positional arguments...

EUVD-2026-24491

Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE...

Tekton Pipelines 参数注入漏洞

Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. In versions 1.0.0 to 1.11.0 of Tekton Pipelines, there is a parameter injection vulnerability. This vulnerability stems from the fact that the revision parameter of the git resolver is passed directly as a positional...

EUVD-2025-30224

Malicious code in bioql PyPI...

CVE-2025-30755

OpenGrok 1.14.1 has a reflected Cross-Site Scripting XSS issue when producing the cross reference page. This happens through improper handling of the revision parameter. The application reflects unsanitized user input into the HTML output...

CVE-2025-30755

OpenGrok 1.14.1 has a reflected Cross-Site Scripting XSS issue when producing the cross reference page. This happens through improper handling of the revision parameter. The application reflects unsanitized user input into the HTML output...

CVE-2025-30755

OpenGrok 1.14.1 has a reflected Cross-Site Scripting XSS issue when producing the cross reference page. This happens through improper handling of the revision parameter. The application reflects unsanitized user input into the HTML output...

Oracle OpenGrok 安全漏洞

Oracle OpenGrok is a fast and efficient source code search and cross-reference tool from Oracle Corporation that supports multiple programming languages for navigating and analyzing large code bases. A security vulnerability exists in Oracle OpenGrok version 1.14.1, which stems from improper...

CVE-2025-30755

OpenGrok 1.14.1 has a reflected Cross-Site Scripting XSS issue when producing the cross reference page. This happens through improper handling of the revision parameter. The application reflects unsanitized user input into the HTML output...

CVE-2025-30755

CVE-2025-30755 affects OpenGrok 1.14.1. It describes a reflected Cross-Site Scripting (XSS) in the cross reference page due to improper handling of the revision parameter, reflecting unsanitized user input into HTML. CVSS details indicate Network attack, no privileges, user interaction required, ...

PT-2025-38498

Name of the Vulnerable Software and Affected Versions OpenGrok version 1.14.1 Description The application reflects unsanitized user input into the HTML output, leading to a reflected Cross-Site Scripting XSS issue when producing the cross reference page. This occurs due to improper handling of th...

The vulnerability of the XWiki Platform, a platform for creating collaborative web applications, stems from the lack of protective measures for the website structure. This allows attackers to carry out cross-site scripting attacks.

The vulnerability of the XWiki Platform lies in the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks through the rev parameter...

XWiki Platform 安全漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform versions 2.0 through 14.10.7 and 15.0-rc-1 through 15.2-rc-1, which stems from the fact that it is still possible to explo...

OS Command Injection

vizion is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via the revertTo function in vizion.js through the revision parameter...