Lucene search
K

25 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-15063

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS0.00184EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42293

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References2
CVE
CVE
added 6 days ago10 views

CVE-2026-15063

The CVE-2026-15063 affects the gorch service in the trustyai-service-operator. The issue is that, even with authentication enabled, gorch exposes unproxied orchestrator and detector metrics ports, reachable from any pod on the cluster network. This bypasses kube-rbac-proxy authentication, enablin...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-18851

Malware in sbrugna...

5.9CVSS5.9AI score0.02472EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.6 views

Malicious code in generator-dr-service-template (npm)

The package generator-dr-service-template was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-21281 Malicious code in generator-dr-service-template (npm)

The package generator-dr-service-template was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 12:16 a.m.6 views

CVE-2022-45051

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not properly neutralise user input, resulting in the vulnerability...

6.1CVSS6.3AI score0.00418EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/24 12:0 a.m.11 views

PT-2024-5930

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.15 Django versions 5.0 through 5.0.8 Django versions 5.1 through 5.1.0 Description The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a...

7.8CVSS6.5AI score0.25327EPSS
Exploits0References158
Veracode
Veracode
added 2024/04/23 7:13 a.m.16 views

Cross-site Scripting (XSS)

LibreNMS is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization on the Service template name which is reflecting in delete button onclick event. This allows malicious javascript code to be stored and executed...

7.1CVSS6.9AI score0.34128EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/04/22 10:7 p.m.37 views

CVE-2024-32479 LibreNMS's Improper Sanitization on Service template name leads to Stored XSS

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the Service template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability...

7.1CVSS6.8AI score0.34128EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/04/22 12:0 a.m.14 views

PT-2024-24602 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.4.0 Description: The issue is related to improper sanitization on the Service template name, which can lead to stored Cross-site Scripting. This can be exploited by modifying the template name with crafted...

7.1CVSS7.4AI score0.34128EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2024/02/06 12:0 a.m.2 views

CVE-2024-24680

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings...

7.4AI score0.01606EPSS
Exploits0References6
Prion
Prion
added 2023/01/04 7:15 p.m.11 views

Cross site scripting

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not properly neutralise user input, resulting in the vulnerability...

5.8CVSS6.1AI score0.00418EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/01/04 12:0 a.m.4 views

Axiell Iguana CMS 跨站脚本漏洞

Axiell Iguana CMS is a control-based platform from Axiell Inc. for personalizing and communicating with customers. Axiell Iguana CMS suffers from a security vulnerability that originates from an error in the module parameter of Service.template.cls, which can be exploited by an attacker to execut...

6.1CVSS6.5AI score0.00418EPSS
Exploits0References3
Huntr
Huntr
added 2022/02/13 2:30 a.m.25 views

Cross-site Scripting (XSS) - Stored in librenms/librenms

Description Stored XSS in create/modify Transport Groups, Add/Edit Service and Edit Service Template Proof of Concept Payload: ' PoC image: Xss payload in create/modify Transport Groups Xss payload in Add/Edit Service Xss payload in Edit Service Template XSS will fire-up by user visiting: 1...

3.5CVSS5.3AI score0.00847EPSS
Exploits1
Prion
Prion
added 2020/03/10 6:15 p.m.22 views

Design/Logic Flaw

An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption...

4CVSS5.1AI score0.00979EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2020/03/10 5:3 p.m.43 views

CVE-2019-13007

Removed by vendor...

4.9CVSS5.8AI score0.00979EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/07/05 12:0 a.m.34 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (4ea507d1-9da8-11e9-a759-001b217b3468)

Gitlab reports : Ability to Write a Note to a Private Snippet Recent Pipeline Information Disclosed to Unauthorised Users Resource Exhaustion Attack Error Caused by Encoded Characters in Comments Authorization Issues in GraphQL Number of Merge Requests was Accessible Enabling One of the Service...

7.5CVSS5.1AI score0.01403EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2018/11/21 12:0 a.m.24 views

FreeBSD : Gitlab -- Multiple vulnerabilities (d889d32c-ecd9-11e8-9416-001b217b3468)

Gitlab reports : Persistent XSS Autocompletion Unauthorized service template creation C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2021 Jacques Vidrine and contributors Redistribution and us...

8.8CVSS7.1AI score0.01986EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2018/11/19 12:0 a.m.242 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: Persistent XSS Autocompletion Unauthorized service template creation...

6.1CVSS3.7AI score0.01162EPSS
Exploits0References1
Rows per page
Query Builder