| 1761 | 9.9 | CRITICAL Network | - | - | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing </style> breaks out of its surrounding <style> tag when renderSnippet() interpolates it via … | CWE-79 (Cross-site Scripting), CWE-1188 (Insecure Default Initialization of Resource) | CVE-2026-54067 | 2026-06-26 01:16 | 2026-06-25 |
| 1762 | 4.0 | MEDIUM Network | - | - | Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghos… | CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition), CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2026-53945 | 2026-06-26 01:16 | 2026-06-25 |
| 1763 | - | | - | - | Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v… | CWE-200 (Information Exposure) | CVE-2026-52815 | 2026-06-26 01:16 | 2026-06-25 |
| 1764 | - | | - | - | Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string (so ?service=git-upload-pack is evalu… | CWE-284 (Improper Access Control) | CVE-2026-52810 | 2026-06-26 01:16 | 2026-06-25 |
| 1765 | 7.1 | HIGH Network | - | - | Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:o… | CWE-269 (Improper Privilege Management), CWE-863 (Incorrect Authorization) | CVE-2026-52808 | 2026-06-26 01:16 | 2026-06-25 |
| 1766 | - | | - | - | Gogs is an open source self-hosted Git service. Prior to 0.14.3, in new_form.tmpl, milestone names are rendered with Go's default auto-escaping ({{.Name}}), which converts < to &lt; etc. This prevent… | CWE-79 (Cross-site Scripting) | CVE-2026-52807 | 2026-06-26 01:16 | 2026-06-25 |
| 1767 | 4.3 | MEDIUM Network | - | - | Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler … | CWE-863 (Incorrect Authorization) | CVE-2026-52795 | 2026-06-26 01:16 | 2026-06-25 |
| 1768 | 7.5 | HIGH Network | messagepack | messagepack | MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, UnsafeBlitFormatterBase<T>.Deserialize reads an attacker-controlled byteLength from an extension payload and allocat… | CWE-770 (Allocation of Resources Without Limits or Throttling) | CVE-2026-48514 | 2026-06-26 01:16 | 2026-06-23 |
| 1769 | 7.5 | HIGH Network | messagepack | messagepack | MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStep(ref … | CWE-674 (Uncontrolled Recursion) | CVE-2026-48513 | 2026-06-26 01:16 | 2026-06-23 |
| 1770 | 7.5 | HIGH Network | messagepack | messagepack | MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a dep… | CWE-674 (Uncontrolled Recursion) | CVE-2026-48512 | 2026-06-26 01:16 | 2026-06-23 |