7 matches found

CVE
added 2026/06/25 4:34 a.m. | 116 views

CVE-2026-1606

CVE-2026-1606 affects GitLab CE/EE (all versions from 14.8 before 18.11.6, from 19.0 before 19.0.3, and from 19.1 before 19.1.1). The issue stems from improper input validation and could allow an authenticated user to conceal content within a Snippet. The CVSSv3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N ...

4.3 CVSS | 5.9 AI score | 0.00223 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2026/06/25 4:34 a.m. | 32 views

CVE-2026-1606 Improper Control of Generation of Code ('Code Injection') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation...

4.3 CVSS | 0.00223 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-7743

Malware in sbrugna...

7.2 CVSS | 7.3 AI score | 0.01649 EPSS
Exploits 1 | References 2
NVD
added 2021/07/01 9:15 p.m. | 18 views

CVE-2020-23219

Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module...

8.8 CVSS | 0.0158 EPSS
Exploits 1 | References 1
Cvelist
added 2021/07/01 8:40 p.m. | 24 views

CVE-2020-23219

Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module...

8.9 AI score | 0.0158 EPSS
Exploits 1 | References 1
CNNVD
added 2021/07/01 12:0 a.m. | 2 views

Monstra CMS Code Injection Vulnerability

Monstra is a lightweight content management system (CMS). A remote code execution vulnerability exists in Monstra version 3.0.4. The vulnerability can be exploited to execute arbitrary code via the "Snippet content" field under the "Edit Snippet" module...

8.8 CVSS | 6.9 AI score | 0.0158 EPSS
Exploits 1 | References 2
Cvelist
added 2018/09/10 1:0 p.m. | 18 views

CVE-2018-15886

Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=editsnippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring...

7.8 AI score | 0.01649 EPSS
Exploits 1 | References 1