7 matches found
Gogs: Overwriting critical files results in a denial of service
Vulnerability type: Path Traversal Impact: DoS Exploitation prerequisite: authorized user Description: As an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the filtering of the passed value, allows the user to bypass the...
EUVD-2021-1234
Malware in sbrugna...
CVE-2025-41060
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/tree...
CVE-2025-41060 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/tree...
CVE-2025-41060
CVE-2025-41060 (appRain CMF 4.0.5) : A stored authenticated XSS flaw exists due to insufficient validation of input on the /apprain/developer/addons/update/tree endpoint. The attackable data fields are the parameters data[Addon][layouts] and data[Addon][layouts_except], which can store and execut...
CVE-2022-1884 Remote Command Execution in gogs/gogs
A remote command execution vulnerability exists in gogs/gogs versions =0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the treepath parameter during file uploads. An attacker can set treepath=.git. to upload a file into the .git directory, allowing...
Gogs 操作系统命令注入漏洞
Gogs Go Git Service is a self-service Git hosting service based on the Go language by the Gogs team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. An operating system command injection vulnerability exists in Gogs 0.12....