Lucene search
+L

5 matches found

Vulnrichment
Vulnrichment
added 2026/03/31 7:34 p.m.1 views

CVE-2026-34206 Captcha Protect: Reflected XSS in challenge page via unsanitized destination rendered with text/template

Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting XSS vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 7:34 p.m.16 views

CVE-2026-34206

Captcha Protect is a Traefik middleware that applies an anti-bot challenge per-subnet. Before v1.12.2, there is a reflected XSS in the challenge page where a client-supplied destination value is rendered with Go text/template (which lacks contextual HTML escaping). An attacker could craft a desti...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/31 7:34 p.m.6 views

CVE-2026-34206 Captcha Protect: Reflected XSS in challenge page via unsanitized destination rendered with text/template

Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting XSS vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/25 6:9 p.m.13 views

OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()

Summary An OS command injection vulnerability in NetworkPathMonitor.performTraceroute allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Details The vulnerability exists in...

9.9CVSS6.5AI score0.01729EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2020/09/02 3:5 p.m.3 views

GHSA-4QQC-MP5F-CCV4 Command Injection in bestzip

Versions of bestzip prior to 2.1.7 are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the zip function . This may allow attackers to execute arbitrary code in the system as long as the values of destination is user-controlled...

6.2AI score
Exploits0References1
Rows per page
Query Builder