Lucene search
K

169 matches found

Veracode
Veracode
added 2022/02/10 8:17 a.m.34 views

Cross Site Scripting (XSS)

github.com/go-gitea/gitea is vulnerable to cross-site scripting XSS. The vulnerability exists due to the lack of sanitization in the repository settings in the setting.go file allows the attacker to inject and execute arbitrary Javascript via the URL field in the external wiki/issue tracker...

6.1CVSS3.2AI score0.00777EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/02/10 12:0 a.m.20 views

GHSA-R3GQ-WXQF-Q4GH Cross-site Scripting in Gitea

Cross Site Scripting XSS vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field...

6.1CVSS5.8AI score0.00777EPSS
Exploits0References4
NVD
NVD
added 2022/02/08 11:15 p.m.48 views

CVE-2021-45329

Cross Site Scripting XSS vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field...

6.1CVSS0.00777EPSS
Exploits0References2
Prion
Prion
added 2022/02/08 11:15 p.m.10 views

Cross site scripting

Cross Site Scripting XSS vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field...

4.3CVSS5.9AI score0.00777EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/02/08 11:15 p.m.5 views

UBUNTU-CVE-2021-45329

Cross Site Scripting XSS vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field...

6.1CVSS6.4AI score0.00777EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2022/02/08 11:15 p.m.35 views

CVE-2021-45329

Cross Site Scripting XSS vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field...

6.1CVSS6.3AI score0.00777EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2022/02/08 10:26 p.m.39 views

CVE-2021-45329

Cross Site Scripting XSS vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field...

6.1CVSS6AI score0.00777EPSS
Exploits0
Cvelist
Cvelist
added 2022/02/08 10:26 p.m.47 views

CVE-2021-45329

Cross Site Scripting XSS vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field...

6.1AI score0.00777EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2021/12/14 9:44 p.m.47 views

Files Accessible to External Parties in Opencast

Opencast before version 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and making them available via the web interface. Impact Before Opencast 10.6, Opencast would open and include local files during...

9.9CVSS1.3AI score0.01964EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/14 9:7 p.m.199 views

Apache Log4j Remote Code Execution

Impact Opencast uses an Apache Log4j2 version which, combined with older JDK versions, can be used for remote code execution attacks which have been found to be actively exploited. Apache Log4j2 =2.14.1 JNDI features is not sufficiently protected. An attacker who can control log messages or log...

10CVSS4.4AI score0.99999EPSS
Exploits351References6Affected Software1
0day.today
0day.today
added 2021/10/13 12:0 a.m.248 views

Simple Issue Tracker System 1.0 - SQL injection Authentication Bypass Vulnerability

Exploit Title: Simple Issue Tracker System 1.0 - SQLi Authentication Bypass Exploit Author: Bekir Bugra TURKOGLU Vendor Homepage: https://www.sourcecodester.com/php/14938/simple-issue-tracker-system-project-using-php-and-sqlite-free-download.html Software Link:...

0.9AI score
Exploits0
OSV
OSV
added 2021/09/23 11:18 p.m.12 views

GHSA-XPWJ-7V8Q-MCGJ Deno's static imports inside dynamically imported modules do not adhere to permission checks

Impact Modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. In Deno 1.5.x and 1.6.x only programs dynamically importing especially transitively untrusted code are...

9.8CVSS9.8AI score0.01113EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/09/23 11:18 p.m.47 views

Deno's static imports inside dynamically imported modules do not adhere to permission checks

Impact Modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. In Deno 1.5.x and 1.6.x only programs dynamically importing especially transitively untrusted code are...

9.8CVSS1.2AI score0.01113EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/10 5:56 p.m.36 views

StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)

Impact The formatter function that strips comments from a SQL contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Patches The...

7.5CVSS8AI score0.02134EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2021/06/18 6:44 p.m.25 views

GHSA-5PR9-V234-JW36 Remote Code Execution via traversal in TAL expressions

Impact Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python...

7.6CVSS8.5AI score0.01843EPSS
Exploits1References8
OSV
OSV
added 2021/03/09 12:38 a.m.47 views

GHSA-JFF3-MWP3-F8CW Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup

Impact What kind of vulnerability is it? Who is impacted? Information disclosure vulnerability - anonymous visitors may view log and snapshot files generated by the Generic Setup Tool. Patches Has the problem been patched? What versions should users upgrade to? The problem has been fixed in versi...

6.9CVSS5.3AI score0.01525EPSS
Exploits0References8
Kitploit
Kitploit
added 2020/12/24 8:30 p.m.160 views

Censys-Python - An Easy-To-Use And Lightweight API Wrapper For The Censys Search Engine

An easy-to-use and lightweight API wrapper for the Censys Search Engine censys.io. Python 3.6+ is currently supported. Getting Started The library can be installed using pip. $ pip install censys To configure your credentials run censys config or set both CENSYSAPIID and CENSYSAPISECRET environme...

7AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2020/09/30 6:15 p.m.47 views

CVE-2020-26160

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with string for m"aud" which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...

7.5CVSS6.8AI score0.02158EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2020/08/26 7:32 p.m.53 views

Server secret was included in static assets and served to clients

Impact Server JWT signing secret was included in static assets and served to clients. This ALLOWS Flood's builtin authentication to be bypassed. Given Flood is granted access to rTorrent's SCGI interface which is unprotected and ALLOWS arbitrary code execution and usually wide-ranging privileges ...

1.1AI score
Exploits0References4Affected Software1
Veracode
Veracode
added 2019/11/08 5:31 a.m.13 views

Information Disclosure

github.com/hashicorp/terraform is vulnerable to information disclosure. Sensitive information can be disclosed to the issue tracker when crash log files are not redacted by the operator...

1.2AI score
Exploits0
Rows per page
Query Builder