Lucene search
K

2014 matches found

RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-58517

A flaw was found in The Wikimedia Foundation Mediawiki - WikiLambda Extension. This vulnerability, caused by improper neutralization of input terminators, allows an attacker to bypass authentication. This could lead to unauthorized access to the system. Mitigation To mitigate this vulnerability,...

9.1CVSS5.7AI score0.00342EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday60 views

Tiki Wiki CMS Groupware 5.2 - Local File Inclusion

Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability. id: CVE-2010-4239 info: name: Tiki Wiki CMS Groupware 5.2 - Local File Inclusion author: 0xakoko severity: critical description: Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability...

9.8CVSS7.3AI score0.1343EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday20 views

Tiki Wiki CMS GroupWare - Authentication Bypass

tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. id: CVE-2020-15906 info: name: Tiki Wiki CMS GroupWare - Authentication Bypass author: JeonSungHyunnukunga,gy741,oIfloraIo,nechyo,harksu severity: critical description: | tiki-login.php in...

9.8CVSS7.3AI score0.27362EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday29 views

Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting

Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarfajax.php. id: CVE-2011-4336 info: name: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting author: pikpikcu severity: medium description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site...

6.1CVSS6.2AI score0.07652EPSS
Exploits1References3
CVE
CVE
added 2 days ago8 views

CVE-2026-58517

CVE-2026-58517 concerns the Wikimedia Foundation’s MediaWiki WikiLambda Extension, with an issue labeled as an improper neutralization of input terminators that enables an authentication bypass. Affected versions are WikiLambda Extension releases prior to 1.43.9, 1.44.6, and 1.45.4. The CVSS 4.0 ...

6.9CVSS5.8AI score0.00342EPSS
Exploits0References2
NVD
NVD
added 2 days ago5 views

CVE-2026-58025

Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4,...

5.9CVSS0.00342EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 9:16 p.m.9 views

CVE-2026-52808

Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent...

7.1CVSS0.00478EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 9:16 p.m.9 views

CVE-2025-64719

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface...

4.9CVSS0.0044EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 8:27 p.m.21 views

CVE-2026-52808 Gogs: Write-level collaborators can mutate admin-only repository settings via API

Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent...

7.1CVSS0.00478EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 8:3 p.m.16 views

CVE-2025-64719 Gogs: Denial of Service in repository/wiki file listing web pages

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface...

4.9CVSS0.0044EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 8:3 p.m.10 views

CVE-2025-64719

Summary (concrete details available) : Gogs (self-hosted Git service) is affected by CVE-2025-64719. A malicious user with rights to create a file on a repo or wiki can trigger a denial of service by causing the pages listing files to return HTTP 500 when commit-recovery logic in internal/route/r...

4.9CVSS5.9AI score0.0044EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 5:3 p.m.2 views

GHSA-268J-37XF-PP52 Gogs's write-level collaborators can mutate admin-only repository settings via API

Summary Three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent operations in the web UI sit behind reqRepoAdmin, which requir...

7.1CVSS6AI score0.00478EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/23 5:3 p.m.7 views

Gogs's write-level collaborators can mutate admin-only repository settings via API

Summary Three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent operations in the web UI sit behind reqRepoAdmin, which requir...

7.1CVSS6AI score0.00478EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51626

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description An authorization bypass exists where three API endpoints are protected by write-level middleware instead of administrator-level middleware. This allows a collaborator with write access to perfor...

7.1CVSS5.9AI score0.00478EPSS
Exploits0References9
OSV
OSV
added 2026/06/22 4:58 p.m.2 views

GHSA-3QQ3-668M-V9MJ Gogs has a Denial of Service in repository/wiki file listing web pages

Summary A malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki. Details The issue is...

4.9CVSS5.9AI score0.0044EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/22 4:58 p.m.14 views

Gogs has a Denial of Service in repository/wiki file listing web pages

Summary A malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki. Details The issue is...

4.9CVSS5.9AI score0.0044EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51428

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description A malicious user with permissions to create files in a repository or wiki page can trigger a denial of service. This occurs when pages containing file listings return an HTTP 500 error, rendering the w...

4.9CVSS5.8AI score0.0044EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/13 12:34 a.m.11 views

EUVD-2026-36613

OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file...

7.1CVSS5.4AI score0.00375EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.6 views

CVE-2026-53825 OpenClaw < 2026.4.7 - Arbitrary Local File Read via memory-wiki Ingest with operator.write Scope

OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file...

7.1CVSS5.4AI score0.00375EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.29 views

CVE-2026-53825 OpenClaw < 2026.4.7 - Arbitrary Local File Read via memory-wiki Ingest with operator.write Scope

OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file...

7.1CVSS0.00375EPSS
Exploits0References2
Rows per page
Query Builder