Lucene search
K

48 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-12053

GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows...

8.6CVSS0.00328EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-12053 Insertion of Sensitive Information into Log File in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows...

8.6CVSS0.00328EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in ruby-loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.1.0; versions less than 2.19.1 are vulnerable to cross-site scripting due to the image/svg+xml media type in data URIs. This issue has been fixed in version 2.19.1...

6.1CVSS6.2AI score0.00792EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in ruby-loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.2.0; versions before 2.19.1 use recursion to sanitize CDATA sections, which can lead to stack exhaustion and raise a SystemStackError exception. This may result in ...

7.5CVSS6.4AI score0.01104EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 3:16 p.m.20 views

CVE-2026-45571

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were...

5.4CVSS0.00297EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 2:57 p.m.47 views

CVE-2026-45571 go-git: Crafted repositories may modify main and submodule .git directories

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were...

5.4CVSS0.00297EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:57 p.m.10 views

CVE-2026-45571

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were...

5.4CVSS5.8AI score0.00297EPSS
Exploits0References2Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/13 12:0 a.m.3 views

Totara LMS 19.1.5 Missing Rate Limiting

Totara LMS versions 19.1.5 and below have a forgot password flow that's missing rate limiting...

5.8AI score0.00397EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/04 9:31 a.m.8 views

be.yildiz-games:module-messaging-activemq (>=1.0.0 <=1.0.1), cn.codeforfun:jfinal-activemq (=0.3) +215 more potentially affected by CVE-2025-66168 +1 more via org.apache.activemq:activemq-all (>=5.0.0 <=5.19.1)

org.apache.activemq:activemq-all MAVEN version =5.0.0, =1.0.0, =6.0.03, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =8.0.0, =2.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2025-66168, CVE-2026-40046 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15426350...

8.8CVSS6AI score0.0078EPSS
Exploits0
OSV
OSV
added 2026/02/21 8:39 a.m.5 views

BIT-GHOST-2026-26980 Ghost has a SQL Injection in its Content API

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4CVSS5.7AI score0.69996EPSS
Exploits7References5
NVD
NVD
added 2026/02/15 2:16 p.m.8 views

CVE-2019-25376

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. Attackers can send POST requests to the proxy endpoint with JavaScript code in the ignoreLogAC...

6.1CVSS0.00363EPSS
Exploits1References4
NVD
NVD
added 2026/02/15 2:16 p.m.8 views

CVE-2019-25373

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

6.4CVSS0.00199EPSS
Exploits1References4
OSV
OSV
added 2026/02/15 2:16 p.m.5 views

CVE-2019-25370

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfacesvlanedit.php with script payloads in the tag, descr, or vlanif parameters ...

6.1CVSS5.6AI score
Exploits0References4
CVE
CVE
added 2026/02/15 1:58 p.m.14 views

CVE-2019-25375

OPNsense 19.1 is affected by a reflected XSS in the monit interface via the mailserver parameter. Unauthenticated users can submit crafted input (POST to monit) containing JavaScript payloads to execute in users’ browsers. The vulnerability arises from the mailserver parameter handling and allows...

6.1CVSS5.7AI score0.0036EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/15 1:58 p.m.13 views

CVE-2019-25373

CVE-2019-25373 – OPNsense 19.1 Stored XSS has a vulnerability in the category field of the firewall_rules_edit.php endpoint. An authenticated user can submit crafted input via POST to this page, injecting JavaScript that is then executed in other users’ browsers when they view firewall rule pages...

6.4CVSS5.5AI score0.00199EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/02/15 1:58 p.m.4 views

EUVD-2019-19423

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...

6.1CVSS5.6AI score0.00241EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/15 1:58 p.m.4 views

CVE-2019-25369

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...

6.4CVSS5.1AI score0.00199EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/02/15 1:58 p.m.5 views

EUVD-2019-19426

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...

6.4CVSS5.2AI score0.00199EPSS
Exploits1References4
CVE
CVE
added 2026/02/15 1:58 p.m.11 views

CVE-2019-25370

OPNsense 19.1 is affected by a reflected XSS in interfaces_vlan_edit.php. The vulnerability arises from accepting crafted input in multiple parameters (tag, descr, vlanif) via POST, enabling attackers to inject and execute arbitrary JavaScript in users’ browsers. The CVE entry confirms the affect...

6.1CVSS5.5AI score0.00232EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/02/15 12:0 a.m.11 views

Deciso OPNsense 跨站脚本漏洞

Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Version 19.1 of Deciso OPNsense contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation for the mailserver parameter in the monit interface, which ma...

6.1CVSS6AI score0.0036EPSS
Exploits1References4
Rows per page
Query Builder