Lucene search
+L

223 matches found

OSV
OSV
added 2026/05/05 4:16 p.m.6 views

UBUNTU-CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

10CVSS6.2AI score0.03678EPSS
Exploits1References2
NVD
NVD
added 2026/04/13 7:16 p.m.19 views

CVE-2026-40041

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

5.3CVSS0.00109EPSS
Exploits1References2
CVE
CVE
added 2026/04/13 6:10 p.m.21 views

CVE-2026-40041

CVE-2026-40041 affects Pachno 1.0.6 and describes a cross-site request forgery (CSRF) vulnerability arising from missing CSRF protections on state-changing endpoints. Attackers can craft requests that execute actions in an authenticated user context via attacker-controlled sites, targeting login,...

5.3CVSS5.8AI score0.00109EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/13 6:10 p.m.1 views

CVE-2026-40041 Pachno 1.0.6 Cross-Site Request Forgery via State-Changing Endpoints

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

5.3CVSS5.8AI score0.00109EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/13 6:10 p.m.20 views

CVE-2026-40041 Pachno 1.0.6 Cross-Site Request Forgery via State-Changing Endpoints

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

5.3CVSS0.00109EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.10 views

PT-2026-30208

A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE TBL ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe tbl passthru codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told...

4.6CVSS5.5AI score0.00209EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/03/25 12:27 a.m.6 views

SUSE CVE-2026-26276

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository's Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS5.8AI score0.00184EPSS
Exploits0References3
OSV
OSV
added 2026/03/10 6:28 p.m.5 views

GO-2026-4627 Gogs: DOM-based XSS via milestone selection in gogs.io/gogs

Gogs: DOM-based XSS via milestone selection in gogs.io/gogs...

7.3CVSS5.8AI score0.00184EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.6 views

CVE-2026-26276

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS5.7AI score0.00184EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/05 9:13 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the milestone selection. An attacker can execute arbitrary JavaScript code in the context of another user's browser by storing a crafted HTML or JavaScript payload in a repository's milestone name, which is...

8.7CVSS5.7AI score0.00184EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/05 8:16 p.m.13 views

EUVD-2026-9855

Gogs: DOM-based XSS via milestone selection...

7.3CVSS5.9AI score0.00184EPSS
Exploits0References4
OSV
OSV
added 2026/03/05 8:16 p.m.8 views

GHSA-VGJM-2CPF-4G7C Gogs: DOM-based XSS via milestone selection

Summary It was confirmed in a test environment that an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. Impact Theft of information accessible in the victim...

7.3CVSS6AI score0.00184EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/05 8:16 p.m.10 views

Gogs: DOM-based XSS via milestone selection

Summary It was confirmed in a test environment that an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. Impact Theft of information accessible in the victim...

7.3CVSS6AI score0.00184EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/03/05 7:16 p.m.13 views

CVE-2026-26276

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS0.00184EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/05 6:51 p.m.0 views

CVE-2026-26276 Gogs: DOM-based XSS via milestone selection

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS5.7AI score0.00184EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 6:51 p.m.5 views

CVE-2026-26276

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS5.9AI score0.00184EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/05 6:51 p.m.39 views

CVE-2026-26276 Gogs: DOM-based XSS via milestone selection

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS0.00184EPSS
Exploits0References3
CVE
CVE
added 2026/03/05 6:51 p.m.35 views

CVE-2026-26276

Gogs (before 0.14.2) is vulnerable to a DOM-based XSS: an attacker can store an HTML/JavaScript payload in a repository milestone name, which is triggered when a user selects the milestone on the New Issue page. The issue is fixed in version 0.14.2. CVSSv3.1 base score 7.3 (HIGH): Network attack ...

7.3CVSS5.9AI score0.00184EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/05 6:51 p.m.9 views

CVE-2026-26276 Gogs: DOM-based XSS via milestone selection

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS7AI score0.00184EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.22 views

Gogs 跨站脚本漏洞

Gogs Go Git Service is a self-service Git hosting service developed by the Gogs team using the Go language. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to version 0.14.2, Gogs had a cross-site scripting...

7.3CVSS7.1AI score0.00184EPSS
Exploits0References3
Rows per page
Query Builder