18 matches found
CVE-2026-52813
Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary...
CVE-2026-52813 Gogs: Path Traversal in organization name results in RCE through Git hooks
Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary...
Gogs has Path Traversal in organization name that results in RCE through Git hooks
Summary Organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem. By creating nested structure of...
CVE-2025-64744
OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without...
CVE-2025-64744
OpenObserve vulnerable to HTML injection in organization invitation emails. Affected versions up to 0.16.1 render HTML from user-supplied organization names in email templates due to insufficient HTML escaping. As of publication, no patched versions are available (multiple sources corroborate acr...
CVE-2025-64744 OpenObserve Vulnerable to HTML Injection in Organization Invitation Emails
OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without...
EUVD-2025-175381
OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without...
CVE-2025-64744 OpenObserve Vulnerable to HTML Injection in Organization Invitation Emails
OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without...
PT-2025-46906
Name of the Vulnerable Software and Affected Versions OpenObserve versions prior to 0.16.2 Description OpenObserve is a cloud-native observability platform. When creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This occurs because...
EUVD-2024-19825
Malicious code in bioql PyPI...
CVE-2024-22256
VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance...
CVE-2024-22256
VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance...
CVE-2024-22256
VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance...
Information disclosure
VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance...
CVE-2024-22256
VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance...
PT-2024-2188 · Vmware · Vmware Cloud Director
Name of the Vulnerable Software and Affected Versions: VMware Cloud Director affected versions not specified Description: The issue is related to a partial information disclosure, where a malicious actor can potentially gather information about organization names based on the behavior of the...
CloudPulse - AWS Cloud Landscape Search Engine
During the reconnaissance phase, an attacker searches for any information about his target to create a profile that will later help him to identify possible ways to get in an organization. CloudPulse is a powerful tool that simplifies and enhances the analysis of SSL certificate data. It leverage...
CVE-2020-14329
A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The...