25 matches found
CVE-2026-15063
A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...
EUVD-2026-42293
A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...
CVE-2026-15063
The CVE-2026-15063 affects the gorch service in the trustyai-service-operator. The issue is that, even with authentication enabled, gorch exposes unproxied orchestrator and detector metrics ports, reachable from any pod on the cluster network. This bypasses kube-rbac-proxy authentication, enablin...
EUVD-2018-18851
Malware in sbrugna...
Malicious code in generator-dr-service-template (npm)
The package generator-dr-service-template was found to contain malicious code...
MAL-2025-21281 Malicious code in generator-dr-service-template (npm)
The package generator-dr-service-template was found to contain malicious code...
CVE-2022-45051
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not properly neutralise user input, resulting in the vulnerability...
PT-2024-5930
Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.15 Django versions 5.0 through 5.0.8 Django versions 5.1 through 5.1.0 Description The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a...
Cross-site Scripting (XSS)
LibreNMS is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization on the Service template name which is reflecting in delete button onclick event. This allows malicious javascript code to be stored and executed...
CVE-2024-32479 LibreNMS's Improper Sanitization on Service template name leads to Stored XSS
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the Service template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability...
PT-2024-24602 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.4.0 Description: The issue is related to improper sanitization on the Service template name, which can lead to stored Cross-site Scripting. This can be exploited by modifying the template name with crafted...
CVE-2024-24680
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings...
Cross site scripting
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not properly neutralise user input, resulting in the vulnerability...
Axiell Iguana CMS 跨站脚本漏洞
Axiell Iguana CMS is a control-based platform from Axiell Inc. for personalizing and communicating with customers. Axiell Iguana CMS suffers from a security vulnerability that originates from an error in the module parameter of Service.template.cls, which can be exploited by an attacker to execut...
Cross-site Scripting (XSS) - Stored in librenms/librenms
Description Stored XSS in create/modify Transport Groups, Add/Edit Service and Edit Service Template Proof of Concept Payload: ' PoC image: Xss payload in create/modify Transport Groups Xss payload in Add/Edit Service Xss payload in Edit Service Template XSS will fire-up by user visiting: 1...
Design/Logic Flaw
An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption...
CVE-2019-13007
Removed by vendor...
FreeBSD : Gitlab -- Multiple Vulnerabilities (4ea507d1-9da8-11e9-a759-001b217b3468)
Gitlab reports : Ability to Write a Note to a Private Snippet Recent Pipeline Information Disclosed to Unauthorised Users Resource Exhaustion Attack Error Caused by Encoded Characters in Comments Authorization Issues in GraphQL Number of Merge Requests was Accessible Enabling One of the Service...
FreeBSD : Gitlab -- Multiple vulnerabilities (d889d32c-ecd9-11e8-9416-001b217b3468)
Gitlab reports : Persistent XSS Autocompletion Unauthorized service template creation C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2021 Jacques Vidrine and contributors Redistribution and us...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Persistent XSS Autocompletion Unauthorized service template creation...