Lucene search
+L

100 matches found

github
github
added 2026/06/23 5:3 p.m.10 views

Gogs allows users to write to readonly repositories using receive-pack + service=git-upload-pack confusion

Summary Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string so ?service=git-upload-pack is evaluated as read access while routing still runs git receive-pack, allowing push where only read should be allowed. Details Gogs' Git Smart HTTP handler for...

7.1CVSS6.1AI score0.00427EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/06/23 5:3 p.m.3 views

GHSA-WMFG-5P4H-5FW3 Gogs allows users to write to readonly repositories using receive-pack + service=git-upload-pack confusion

Summary Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string so ?service=git-upload-pack is evaluated as read access while routing still runs git receive-pack, allowing push where only read should be allowed. Details Gogs' Git Smart HTTP handler for...

7.1CVSS6.1AI score0.00427EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/05/06 12:8 p.m.10 views

CVE-2026-23927

A flaw was found in Zabbix Agent 2. A user with network access to Agent 2 can inject a malicious Oracle TNS Transparent Network Substrate connection string through the 'service' parameter. This allows Agent 2 to connect to an attacker-controlled server, potentially leading to the disclosure of...

5CVSS5.7AI score0.00229EPSS
Exploits0References2
nvd
nvd
added 2026/05/06 8:16 a.m.10 views

CVE-2026-23927

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

5CVSS0.00229EPSS
Exploits0References1
osv
osv
added 2026/05/06 8:16 a.m.7 views

DEBIAN-CVE-2026-23927

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

5CVSS5.8AI score0.00229EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/05/06 8:16 a.m.9 views

CVE-2026-23927

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

5CVSS5.8AI score0.00229EPSS
Exploits0References2
euvd
euvd
added 2026/05/06 6:59 a.m.10 views

EUVD-2026-27528

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

5CVSS5.8AI score0.00229EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/06 6:59 a.m.7 views

CVE-2026-23927 Agent 2 Oracle plugin TNS connection string injection via the 'service' parameter

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

5CVSS5.8AI score0.00229EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/06 6:59 a.m.9 views

CVE-2026-23927

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

5CVSS5.8AI score0.00229EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/05/06 6:59 a.m.29 views

CVE-2026-23927 Agent 2 Oracle plugin TNS connection string injection via the 'service' parameter

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

5CVSS0.00229EPSS
Exploits0References1
cve
cve
added 2026/05/06 6:59 a.m.35 views

CVE-2026-23927

The CVE-2026-23927 entry describes a vulnerability in the Agent 2 Oracle plugin where an authenticated user who can connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can cause Agent 2 to connect to an attacker-controlled server and may leak Oracle dat...

5CVSS5.8AI score0.00229EPSS
Exploits0References1
debiancve
debiancve
added 2026/05/06 6:59 a.m.10 views

CVE-2026-23927

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

5CVSS5.8AI score0.00229EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/05/06 12:0 a.m.19 views

PT-2026-37345

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

5CVSS5.8AI score0.00229EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.15 views

PT-2026-36969

The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the create template method of the CheckForm class, where realpath is called on the allowed base directory...

6.5CVSS5.9AI score0.0057EPSS
Exploits0References11
cnnvd
cnnvd
added 2026/03/23 12:0 a.m.11 views

Code-Projects Simple Laundry System SQL注入漏洞

Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of the code-projects Simple Laundry System contains a SQL...

9.8CVSS7.2AI score0.00329EPSS
Exploits1References5
cve
cve
added 2026/01/23 12:19 a.m.24 views

CVE-2026-24138

FOG (FOG Project) versions 1.5.10.1754 and earlier are affected by an unauthenticated SSRF in getversion.php. An attacker can supply a user-controlled url parameter, potentially reaching internal sites or files on the vulnerable host, and this request may be processed without an authenticated ses...

7.5CVSS5.6AI score0.0038EPSS
Exploits0References1
cnvd
cnvd
added 2025/10/31 12:0 a.m.6 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27643)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient cleanup and escaping of the SERVICE, LOGIN, and PASSWORD parameters, which could be exploited by...

5.4CVSS6.1AI score0.05013EPSS
Exploits0References1
osv
osv
added 2025/10/28 3:16 p.m.6 views

CVE-2025-34309

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS...

5.4CVSS5.9AI score0.05013EPSS
Exploits0References3
nvd
nvd
added 2025/10/28 3:16 p.m.16 views

CVE-2025-34309

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS...

5.4CVSS0.05013EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/10/28 2:35 p.m.4 views

CVE-2025-34309 IPFire < v2.29 Stored XSS via Dynamic DNS Host

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS...

5.1CVSS5.6AI score0.05013EPSS
Exploits0References3
Rows per page
Query Builder