Lucene search
+L

2038 matches found

EUVD
EUVD
added 2026/04/21 8:52 p.m.8 views

EUVD-2026-24487

Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0...

5.4CVSS5.8AI score0.00139EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.11 views

PT-2026-34179

Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0...

5.4CVSS5.8AI score0.00139EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/16 7:22 p.m.11 views

CVE-2026-33193

Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting XSS attack due to improper handling of MIME type spoofing GHSL-2026-052. An attacker could exploit this flaw to inject malicious scripts, potentially...

4.6CVSS5.7AI score0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/14 9:49 p.m.5 views

EUVD-2026-22756

Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...

5.4CVSS5.8AI score0.0017EPSS
Exploits2References1
EUVD
EUVD
added 2026/04/14 9:39 p.m.5 views

EUVD-2026-22752

Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting XSS attack due to improper handling of MIME type spoofing GHSL-2026-052. An attacker could exploit this flaw to inject malicious scripts, potentially...

4.6CVSS5.7AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/14 7:22 p.m.6 views

CVE-2026-40042

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

9.8CVSS5.9AI score0.00373EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-32970

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...

6.9CVSS5.8AI score0.00405EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32929

Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting XSS attack due to improper handling of MIME type spoofing GHSL-2026-052. An attacker could exploit this flaw to inject malicious scripts, potentially...

4.6CVSS5.7AI score0.00187EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.10 views

Docmost 授权问题漏洞

Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost from 0.70.0 to 0.70.2 have a vulnerability related to authorization issues. This vulnerability stems from an authorization bypass issue, allowing unauthorized users to enumerate and...

4.3CVSS5.8AI score0.00213EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

Docmost 跨站脚本漏洞

Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.70.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of MIME type deception, which could lead to storage-based cross-site...

4.6CVSS5.7AI score0.00187EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/13 9:30 p.m.5 views

EUVD-2026-22049

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

9.8CVSS5.9AI score0.00373EPSS
Exploits1References3
NVD
NVD
added 2026/04/13 7:16 p.m.10 views

CVE-2026-40042

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

9.8CVSS0.00373EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2026/04/13 12:0 a.m.90 views

📄 Pachno 1.0.6 Wiki TextParser XML Injection

Pachno version 1.0.6 suffers from an XML eXternal Entity XXE vulnerability in the wiki textparser. Pachno 1.0.6 Wiki TextParser XXE Vulnerability Vendor: Daniel André Eikeland Product web page: https://github.com/pachno/pachno Affected version: 1.0.6 Summary: Pachno is an open-source collaboratio...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2026/04/12 12:0 a.m.59 views

Pachno 1.0.6 Wiki TextParser XXE Vulnerability

Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...

9.8CVSS6AI score0.00373EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/04/09 1:23 a.m.7 views

CVE-2026-22711

Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension allows Cross-Site Scripting XSS.The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45...

6.9CVSS5.8AI score0.00293EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/07 10:4 p.m.17 views

CVE-2026-39935 XSS-via-i18n in localised wiki names

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting XSS. This issue was remediated only on the master branch...

6.9CVSS0.00293EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 10:4 p.m.7 views

CVE-2026-39935

The CVE-2026-39935 entry describes a Cross-Site Scripting (XSS) vulnerability in The Wikimedia Foundation MediaWiki CampaignEvents Extension. Affected versions are 1.43.7, 1.44.4, and 1.45.2, where improper input neutralization during web page generation allows XSS. The issue is tied to the Campa...

6.9CVSS5.9AI score0.00293EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 10:4 p.m.5 views

CVE-2026-39935 XSS-via-i18n in localised wiki names

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting XSS. This issue was remediated only on the master branch...

6.9CVSS5.8AI score0.00293EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/07 6:39 p.m.23 views

CVE-2026-22711 Stored XSS through system messages in WikiLove

Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension allows Cross-Site Scripting XSS.The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45...

6.9CVSS0.00293EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/03 11:1 p.m.5 views

CVE-2026-34735

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. In version 1.2.0 and prior, the quickUpload endpoint validates uploaded files by checking their MIME type via PHP's finfo, which inspects file contents but constructs the stored filename using the...

8.7CVSS6AI score0.00306EPSS
Exploits0References1
Rows per page
Query Builder