Lucene search
K

2031 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.4 views

CVE-2026-32736

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...

4.3CVSS5.8AI score0.00207EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.15 views

PT-2026-28493

Name of the Vulnerable Software and Affected Versions TSPortal versions prior to 34 Description TSPortal, the WikiTide Foundation’s in-house platform used by the Trust and Safety team, was found to have a flaw that allowed attackers to create arbitrary user records in the database. This was...

6.5CVSS6AI score0.00293EPSS
Exploits1References6
NVD
NVD
added 2026/03/18 11:17 p.m.6 views

CVE-2026-32736

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...

4.3CVSS0.00207EPSS
Exploits1References2
OSV
OSV
added 2026/03/18 10:6 p.m.5 views

CVE-2026-32736 Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...

4.3CVSS5.9AI score0.00207EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/18 10:6 p.m.24 views

CVE-2026-32736 Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...

4.3CVSS0.00207EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/18 10:6 p.m.2 views

CVE-2026-32736

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...

4.3CVSS5.8AI score0.00207EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/18 10:6 p.m.6 views

EUVD-2026-12981

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...

4.3CVSS5.8AI score0.00207EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/18 10:6 p.m.2 views

CVE-2026-32736 Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...

4.3CVSS5.8AI score0.00207EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.6 views

HytaleModding Wiki 安全漏洞

HytaleModding Wiki is an open-source documentation platform for Hytale Modding. Versions of HytaleModding Wiki prior to version 1.0.0 contained security vulnerabilities, which were caused by insecure direct object references, potentially leading to the exposure of users’ personal information...

4.3CVSS5.8AI score0.00207EPSS
Exploits1References2
OSV
OSV
added 2026/03/10 6:28 p.m.5 views

GO-2026-4618 Gogs: Stored XSS in branch and wiki views through author and committer names in gogs.io/gogs

Gogs: Stored XSS in branch and wiki views through author and committer names in gogs.io/gogs...

6.9CVSS5.8AI score0.00189EPSS
Exploits0References5
NVD
NVD
added 2026/03/10 5:40 p.m.3 views

CVE-2026-30917

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...

8.8CVSS0.00297EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.4 views

CVE-2026-27723

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

5.3CVSS5.7AI score0.00209EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/05 7:48 p.m.8 views

Gogs: Stored XSS in branch and wiki views through author and committer names

Summary Stored XSS is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data URLs. Details safe still turns off escaping: - internal/template/template.go - func saferaw string template.HTML return template.HTMLraw Branch pages...

6.9CVSS6.1AI score0.00189EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/05 7:48 p.m.2 views

GHSA-VGVF-M4FW-938J Gogs: Stored XSS in branch and wiki views through author and committer names

Summary Stored XSS is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data URLs. Details safe still turns off escaping: - internal/template/template.go - func saferaw string template.HTML return template.HTMLraw Branch pages...

6.9CVSS6.1AI score0.00189EPSS
Exploits0References6
NVD
NVD
added 2026/03/05 7:16 p.m.12 views

CVE-2026-27723

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

5.3CVSS0.00209EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/05 6:40 p.m.1 views

CVE-2026-26195 Gogs: Stored XSS in branch and wiki views through author and committer names

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data urls. This issue has been patched in version 0.14.2...

6.9CVSS5.7AI score0.00189EPSS
Exploits0References4
CVE
CVE
added 2026/03/05 6:40 p.m.24 views

CVE-2026-26195

Gogs prior to v0.14.2 is affected by a stored XSS due to unsafe template rendering that mixes user input with a permissive sanitizer for data URLs. The issue enables stored cross-site scripting via data URLs and has been patched in v0.14.2. CVSS v4.0 base metrics indicate a MEDIUM severity (6.9) ...

6.9CVSS5.8AI score0.00189EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/05 6:40 p.m.4 views

CVE-2026-26195 Gogs: Stored XSS in branch and wiki views through author and committer names

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data urls. This issue has been patched in version 0.14.2...

6.9CVSS7AI score0.00189EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/05 6:40 p.m.36 views

CVE-2026-26195 Gogs: Stored XSS in branch and wiki views through author and committer names

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data urls. This issue has been patched in version 0.14.2...

6.9CVSS0.00189EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/05 4:26 p.m.3 views

CVE-2026-27723 OpenProject: Insufficient access control leads to create Wiki objects belongs unpermitted projects

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

4.3CVSS5.7AI score0.00209EPSS
Exploits0References3
Rows per page
Query Builder