Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2026/06/16 11:40 p.m.8 views

Gogs: Overwriting critical files results in a denial of service

Vulnerability type: Path Traversal Impact: DoS Exploitation prerequisite: authorized user Description: As an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the filtering of the passed value, allows the user to bypass the...

8.5CVSS5.9AI score0.0035EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-1234

Malware in sbrugna...

7.5CVSS7.6AI score0.01738EPSS
Exploits1References3
NVD
NVD
added 2025/09/04 12:15 p.m.6 views

CVE-2025-41060

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/tree...

5.4CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/04 11:14 a.m.9 views

CVE-2025-41060 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/tree...

5.1CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 11:14 a.m.15 views

CVE-2025-41060

CVE-2025-41060 (appRain CMF 4.0.5) : A stored authenticated XSS flaw exists due to insufficient validation of input on the /apprain/developer/addons/update/tree endpoint. The attackable data fields are the parameters data[Addon][layouts] and data[Addon][layouts_except], which can store and execut...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/15 10:53 a.m.16 views

CVE-2022-1884 Remote Command Execution in gogs/gogs

A remote command execution vulnerability exists in gogs/gogs versions =0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the treepath parameter during file uploads. An attacker can set treepath=.git. to upload a file into the .git directory, allowing...

10CVSS7.1AI score0.01774EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.8 views

Gogs 操作系统命令注入漏洞

Gogs Go Git Service is a self-service Git hosting service based on the Go language by the Gogs team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. An operating system command injection vulnerability exists in Gogs 0.12....

10CVSS9.5AI score0.01774EPSS
Exploits1References1
Rows per page
Query Builder