Lucene search
K

126 matches found

OSV
OSV
added 2025/12/26 3:30 a.m.15 views

GHSA-898P-HH3P-HF9R Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text

Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...

5.4CVSS6.2AI score0.00222EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/12/26 3:30 a.m.7 views

Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text

Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...

5.4CVSS6.4AI score0.00222EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/12/26 3:15 a.m.5 views

CVE-2025-68942

Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...

5.4CVSS0.00222EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/26 2:50 a.m.10 views

EUVD-2025-205413

Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...

5.4CVSS5.8AI score0.00222EPSS
Exploits0References5
CVE
CVE
added 2025/12/26 2:50 a.m.15 views

CVE-2025-68942

CVE-2025-68942 affects Gitea before 1.22.2. The XSS arises because the search input box used for creating tags and branches is rendered via v-html instead of v-text, allowing injected scripts to execute in the victim’s browser. Multiple connected sources corroborate this issue and reference the s...

5.4CVSS6AI score0.00222EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.4 views

PT-2025-53440

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.22.2 Description Gitea versions before 1.22.2 contain a cross-site scripting XSS issue. The search input box, used when creating tags and branches, utilizes v-html instead of v-text, which allows for the execution of...

5.4CVSS5.9AI score0.00222EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/12/26 12:0 a.m.7 views

Gitea 安全漏洞

Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea versions prior to 1.22.2, which stems from the use of v-html instead of v-text in the search input box, which could lead to a cross-site scripting attack...

5.4CVSS7.2AI score0.00222EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/12/26 12:0 a.m.2 views

CVE-2025-68942

Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...

5.4CVSS7.1AI score0.00222EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/01 12:0 a.m.4 views

CVE-2025-63535

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize usersupplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass...

9.6CVSS8AI score0.00352EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 10:15 p.m.4 views

CVE-2022-50585

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting XSS vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in...

5.4CVSS0.00405EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 9:34 p.m.14 views

CVE-2022-50585 Nagios XI < 5.8.9 Core Config Manager (CCM) XSS via Audit Log Page Search Input

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting XSS vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in...

5.1CVSS0.00405EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:34 p.m.14 views

CVE-2022-50585

Nagios XI Core Config Manager (CCM) is affected in versions earlier than CCM 3.1.7 / Nagios XI 5.8.9 by a cross-site scripting (XSS) vulnerability via the Audit Log page search input. The issue stems from insufficient validation/escaping of user input, enabling an attacker to inject and execute a...

5.4CVSS5.7AI score0.00405EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2011-5240

Malware in sbrugna...

10CVSS6.4AI score0.03818EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-2965

Malware in sbrugna...

4.3CVSS6.4AI score0.01342EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-5869

Malware in sbrugna...

4.3CVSS6.3AI score0.01474EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-39614

Malicious code in bioql PyPI...

7.5CVSS9AI score0.00729EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-24636

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00217EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/25 7:30 p.m.3 views

CVE-2025-59816 Authenticated Union based SQL-injection in the search input field

This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue...

7.3CVSS6.3AI score0.00226EPSS
Exploits0References2
CVE
CVE
added 2025/09/25 7:30 p.m.13 views

CVE-2025-59816

CVE-2025-59816 affects Zenitel ICX500/ICX510 Billing Admin endpoint. Affects the Billing Admin component where attackers can query the underlying database directly, potentially retrieving all data including plaintext passwords. Root cause: database query exposure via the Billing Admin interface. ...

7.3CVSS6.4AI score0.00226EPSS
Exploits0References2
OSV
OSV
added 2025/09/08 11:15 p.m.5 views

CVE-2025-10110

A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...

8.8CVSS5.6AI score0.00306EPSS
Exploits1References4
Rows per page
Query Builder