126 matches found
GHSA-898P-HH3P-HF9R Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text
Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...
Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text
Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...
CVE-2025-68942
Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...
EUVD-2025-205413
Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...
CVE-2025-68942
CVE-2025-68942 affects Gitea before 1.22.2. The XSS arises because the search input box used for creating tags and branches is rendered via v-html instead of v-text, allowing injected scripts to execute in the victim’s browser. Multiple connected sources corroborate this issue and reference the s...
PT-2025-53440
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.22.2 Description Gitea versions before 1.22.2 contain a cross-site scripting XSS issue. The search input box, used when creating tags and branches, utilizes v-html instead of v-text, which allows for the execution of...
Gitea 安全漏洞
Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea versions prior to 1.22.2, which stems from the use of v-html instead of v-text in the search input box, which could lead to a cross-site scripting attack...
CVE-2025-68942
Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...
CVE-2025-63535
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize usersupplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass...
CVE-2022-50585
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting XSS vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in...
CVE-2022-50585 Nagios XI < 5.8.9 Core Config Manager (CCM) XSS via Audit Log Page Search Input
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting XSS vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in...
CVE-2022-50585
Nagios XI Core Config Manager (CCM) is affected in versions earlier than CCM 3.1.7 / Nagios XI 5.8.9 by a cross-site scripting (XSS) vulnerability via the Audit Log page search input. The issue stems from insufficient validation/escaping of user input, enabling an attacker to inject and execute a...
EUVD-2011-5240
Malware in sbrugna...
EUVD-2006-2965
Malware in sbrugna...
EUVD-2013-5869
Malware in sbrugna...
EUVD-2024-39614
Malicious code in bioql PyPI...
EUVD-2025-24636
Malicious code in bioql PyPI...
CVE-2025-59816 Authenticated Union based SQL-injection in the search input field
This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue...
CVE-2025-59816
CVE-2025-59816 affects Zenitel ICX500/ICX510 Billing Admin endpoint. Affects the Billing Admin component where attackers can query the underlying database directly, potentially retrieving all data including plaintext passwords. Root cause: database query exposure via the Billing Admin interface. ...
CVE-2025-10110
A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...