
14 matches found

NVD
added 2026/06/24 9:16 p.m. | 6 views

CVE-2026-52796

Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial of service. In internal/markup/markup.go, RenderIssueIndexPattern renders the issue index pattern to a link using com.Expand, which is not...

CVSS: 3.5 | EPSS: 0.00284 | Exploits: 0 | References: 1

Cvelist
added 2026/06/24 8:13 p.m. | 17 views

CVE-2026-52796 Gogs: DoS in rendering issue index pattern

Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial of service. In internal/markup/markup.go, RenderIssueIndexPattern renders the issue index pattern to a link using com.Expand, which is not...

CVSS: 3.5 | EPSS: 0.00284 | Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/24 8:13 p.m. | 5 views

CVE-2026-52796

Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial of service. In internal/markup/markup.go, RenderIssueIndexPattern renders the issue index pattern to a link using com.Expand, which is not...

CVSS: 3.5 | AI score: 5.9 | EPSS: 0.00284 | Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/06/24 8:13 p.m. | 13 views

CVE-2026-52796

CVE-2026-52796 / GHSA-4J89-2C4F-44C6 : Gogs before 0.14.3 is vulnerable to a DoS caused by a rendering panic in the issue index pattern. The bug arises when rendering the index link in internal/markup/markup.go: com.Expand is fed a pattern containing an opening brace “{” but no matching “}”, lead...

CVSS: 3.5 | AI score: 5.9 | EPSS: 0.00284 | Exploits: 0 | References: 1

Github Security Blog
added 2026/06/22 11:58 p.m. | 6 views

Gogs has DoS in rendering issue index pattern

Summary Special template of issue index pattern may cause panic. Details in internal/markup/markup.go go link = fmt.Sprintf%s, com.Expandmetas"format", metas, m Issue index pattern is rendered to link with com.Expand. However, com.Expand is not safe. go i = strings.Indextemplate, "" if s, ok :=...

CVSS: 3.5 | AI score: 5.8 | EPSS: 0.00284 | Exploits: 0 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/06/22 12:0 a.m. | 12 views

PT-2026-51456

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description A specially crafted issue index pattern can cause a panic during rendering, leading to a denial of service. In the internal/markup/markup.go file, the RenderIssueIndexPattern function uses com.Expand t...

CVSS: 3.5 | AI score: 5.9 | EPSS: 0.00284 | Exploits: 0 | References: 10

Github Security Blog
added 2026/05/07 12:8 a.m. | 11 views

OpenSearch vulnerable to improper authorization for Rollover Requests

Description A flaw was identified in the OpenSearch Security plugin's handling of index rollover requests. When a rollover request included an explicit target index name, the security plugin did not properly evaluate access control permissions against the target index. This could allow a user wit...

AI score: 5.8 | Exploits: 0 | References: 2 | Affected Software: 1

Imperva Blog
added 2023/10/13 8:8 p.m. | 172 views

How to use DSF Collections & Index Patterns – A Tutorial

In conventional terminology, Imperva Data Security Fabric DSF is a database system, replete with a GUI interface for aggregation pipeline building, workflow orchestration, extensible scripting Playbooks, and self-service data discovery Kibana-based Discover. Imperva DSF is purpose-built for data...

AI score: 6.6 | Exploits: 0

OSV
added 2022/03/04 12:0 a.m. | 1 views

GHSA-M6GG-86C6-GFR9 Withdrawn: Cross-site Scripting in Kibana

Withdrawn: This advisory is for Kibana, not ElasticSearch as it was originally published, and is withdrawn as being out of scope of our supported ecosystems. A cross-site-scripting XSS vulnerability was discovered in the Data Preview Pane previously known as Index Pattern Preview Pane which could...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00759 | Exploits: 0 | References: 3

OSV
added 2022/03/03 10:15 p.m. | 20 views

CVE-2022-23710

A cross-site-scripting XSS vulnerability was discovered in the Data Preview Pane previously known as Index Pattern Preview Pane which could allow arbitrary JavaScript to be executed in a victim’s browser...

CVSS: 6.1 | AI score: 6.2 | Exploits: 0 | References: 2

ATTACKERKB
added 2022/03/03 10:15 p.m. | 4 views

CVE-2022-23710

A cross-site-scripting XSS vulnerability was discovered in the Data Preview Pane previously known as Index Pattern Preview Pane which could allow arbitrary JavaScript to be executed in a victim’s browser...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.00759 | Exploits: 0 | References: 3

Prion
added 2022/03/03 10:15 p.m. | 19 views

Cross site scripting

A cross-site-scripting XSS vulnerability was discovered in the Data Preview Pane previously known as Index Pattern Preview Pane which could allow arbitrary JavaScript to be executed in a victim’s browser...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.00759 | Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2022/03/03 9:51 p.m. | 220 views

CVE-2022-23710

CVE-2022-23710 is an XSS vulnerability in Kibana’s Data Preview Pane (Index Pattern Preview Pane). The issue stems from insufficient input filtering/escaping, allowing arbitrary JavaScript in a victim’s browser. Affected products/versions include Kibana self-managed 7.15.x (and related Elastic St...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00759 | Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2022/02/14 9:3 a.m. | 20 views

Cross-site Scripting (XSS)

kibana is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the index pattern allowing an attacker to inject maliciously crafted script via the index pattern...

CVSS: 5.4 | AI score: 4.5 | EPSS: 0.00519 | Exploits: 0 | References: 2 | Affected Software: 2