Lucene search
+L

2038 matches found

OSV
OSV
added 2026/03/05 7:48 p.m.4 views

GHSA-VGVF-M4FW-938J Gogs: Stored XSS in branch and wiki views through author and committer names

Summary Stored XSS is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data URLs. Details safe still turns off escaping: - internal/template/template.go - func saferaw string template.HTML return template.HTMLraw Branch pages...

6.9CVSS6.1AI score0.00189EPSS
Exploits0References6
NVD
NVD
added 2026/03/05 7:16 p.m.13 views

CVE-2026-27723

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

5.3CVSS0.00209EPSS
Exploits0References3
CVE
CVE
added 2026/03/05 6:40 p.m.26 views

CVE-2026-26195

Gogs prior to v0.14.2 is affected by a stored XSS due to unsafe template rendering that mixes user input with a permissive sanitizer for data URLs. The issue enables stored cross-site scripting via data URLs and has been patched in v0.14.2. CVSS v4.0 base metrics indicate a MEDIUM severity (6.9) ...

6.9CVSS5.8AI score0.00189EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/05 6:40 p.m.36 views

CVE-2026-26195 Gogs: Stored XSS in branch and wiki views through author and committer names

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data urls. This issue has been patched in version 0.14.2...

6.9CVSS0.00189EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/05 6:40 p.m.1 views

CVE-2026-26195 Gogs: Stored XSS in branch and wiki views through author and committer names

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data urls. This issue has been patched in version 0.14.2...

6.9CVSS5.7AI score0.00189EPSS
Exploits0References4
OSV
OSV
added 2026/03/05 6:40 p.m.6 views

CVE-2026-26195 Gogs: Stored XSS in branch and wiki views through author and committer names

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data urls. This issue has been patched in version 0.14.2...

6.9CVSS7AI score0.00189EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/05 4:26 p.m.3 views

CVE-2026-27723 OpenProject: Insufficient access control leads to create Wiki objects belongs unpermitted projects

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

4.3CVSS5.7AI score0.00209EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 4:26 p.m.5 views

CVE-2026-27723

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

4.3CVSS5.8AI score0.00209EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/05 4:26 p.m.20 views

CVE-2026-27723

OpenProject CVE-2026-27723 involves insufficient access control that allows creating wiki pages for unpermitted projects via an improperly authenticated request. Affected versions are before 17.0.5 and 17.1.2; these releases fix the issue by addressing the access control hole. The CVSS 3.1 vector...

5.3CVSS5.8AI score0.00209EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/05 4:26 p.m.4 views

EUVD-2026-9846

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

4.3CVSS5.8AI score0.00209EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/05 4:26 p.m.28 views

CVE-2026-27723 OpenProject: Insufficient access control leads to create Wiki objects belongs unpermitted projects

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

4.3CVSS0.00209EPSS
Exploits0References3
OSV
OSV
added 2026/03/05 4:26 p.m.4 views

CVE-2026-27723 OpenProject: Insufficient access control leads to create Wiki objects belongs unpermitted projects

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

4.3CVSS5.7AI score0.00209EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.11 views

OpenProject 访问控制错误漏洞

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.0.5 and 17.1.2 had a access control vulnerability. This vulnerability stemmed from improper authentication requests, which could lead to the creation of wiki pages for unauthorized projects...

5.3CVSS5.8AI score0.00209EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.7 views

PT-2026-23480

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

4.3CVSS5.8AI score0.00209EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/04 12:28 a.m.7 views

SUSE CVE-2026-24135

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulatin...

8.1CVSS5.8AI score0.00654EPSS
Exploits1References3
OSV
OSV
added 2026/02/17 6:9 p.m.4 views

GO-2026-4452 Gogs vulnerable to arbitrary file deletion via Path Traversal in wiki page update in gogs.io/gogs

Gogs vulnerable to arbitrary file deletion via Path Traversal in wiki page update in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

8.1CVSS5.7AI score0.00654EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.6 views

GitLab 18.4 < 18.4.6 / 18.5 < 18.5.4 / 18.6 < 18.6.2 (CVE-2025-12716)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under certain conditions could have allowed an...

8.7CVSS5.6AI score0.0041EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.6 views

GitLab 17.1 < 18.6.4 / 18.7 < 18.7.2 / 18.8 < 18.8.2 (CVE-2025-13335)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an...

6.5CVSS5.7AI score0.00521EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.8 views

Docmost 安全漏洞

Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.25.0 contained security vulnerabilities, which were caused by insufficient HTML escape sequences, potentially leading to stored-xss attacks...

7.3CVSS5.8AI score0.00224EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/07 7:30 p.m.7 views

CVE-2026-24135

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulatin...

8.1CVSS5.4AI score0.00654EPSS
Exploits1References1
Rows per page
Query Builder