CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
SiYuan is an open-source personal knowledge management system. Prior to version 3.7.0, Lute's HTML sanitizer does not remove <iframe> elements, allowing an attacker to include a malicious <iframe> in a Bazaar package README that executes arbitrary commands on the victim's machine.
A vulnerability in SiYuan before version 3.7.0 allows JavaScript execution in the administrator's context by rendering a Bazaar package README. The flaw stems from an incomplete allowlist of event attributes in the lute sanitizer engine, which passes modern event handlers (e.g., onpointerover, onpointerdown) through.
SiYuan is an open-source personal knowledge management system. In versions prior to 3.7.0, a vulnerability allowed an unauthenticated attacker to read arbitrary files in WorkspaceDir by double URL-encoding in the /assets/*path route.
Sentry is an error tracking and performance monitoring tool. From version 24.4.0 to 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume disproportionate CPU time.
Appsmith before version 2.1 exposes the supervisord XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/* on the public ingress. Combined with the APPSMITH_SUPERVISOR_PASSWORD exposed via GET /api/v1/admin/env, any authenticated administrator can send arbitrary XML-RPC calls to supervisord and execute OS commands inside the Docker container via twiddler.addProgramToGroup.
A heap-based buffer overflow vulnerability in GIMP's HDR file parsing allows remote code execution. Exploitation requires user interaction, such as opening a malicious file or visiting a crafted webpage.
A vulnerability in MosaicML Composer allows remote code execution through the deserialization of untrusted data. User interaction is required to exploit this vulnerability, meaning the victim must visit a malicious page or open a malicious file.
A potential security vulnerability has been identified in the HP Accessory WMI Provider installer for some HP Docking Stations, which might allow escalation of privilege and/or arbitrary code execution. HP is releasing software updates to mitigate the potential vulnerability.
In Gogs before version 0.14.3, the LFS storage uses only the OID for content addressing, but per-repo authorization is checked based on (repo_id, oid). The serveUpload function skips re-uploading if the OID file already exists on disk and inserts a new (repo_id, oid) row pointing to it without verifying that the request body hashes to the claimed OID. A user with write access to one repo can bind their repo to an OID owned by a private repo and download the original bytes via their own download endpoint.
Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorized POST …/git-receive-pack using the client-supplied service query string, allowing push where only read should be allowed.
Gogs is an open source Git service that prior to version 0.14.3 had three API endpoints secured by reqRepoWriter() instead of reqRepoAdmin(). This allows collaborators with lower access levels than admin to perform unauthorized operations.
In Gogs before version 0.14.3, an SSRF vulnerability was found in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP redirects. An authenticated user can submit a public URL that redirects to an internal endpoint (e.g., 127.0.0.1), importing the internal repository's contents into an attacker-controlled repository.
Gogs is an open source Git service that prior to version 0.14.3 had a vulnerability in the mirror settings functionality, allowing authenticated users to import local repositories without proper protection. The issue stems from a lack of validation in the SaveAddress function.
Gogs before version 0.14.3 allows organization team member management via GET requests without CSRF protection. An attacker can exploit this vulnerability by tricking a logged-in organization owner into visiting a crafted link, resulting in adding an attacker-controlled user to the Owners team and gaining organization owner-equivalent privileges.
Gogs is an open source Git service that prior to version 0.14.3 allowed downloading attachments without verifying user permissions. Unauthenticated users could download attachments from private repositories.
Gogs is an open-source Git service that prior to version 0.14.3 had a vulnerability allowing the execution of malicious JavaScript code. Although .ipynb previews were sanitized on the server side, their content was re-rendered on the client side without proper sanitization, leading to the possibility of XSS attacks.
Gogs is an open source Git service that, prior to version 0.14.0, allowed authorized users to manipulate the value passed to the git diff command. This enabled users to bypass filtering and write the comparison result to any arbitrary location.
Mastodon prior to versions 4.5.11, 4.4.18, and 4.3.24 contains a DoS vulnerability due to missing exception handling in the math sanitizer. Malformed <math> nodes can lead to a DoS of the entire server or targeted user services, depending on the actions involving those nodes.
Gogs is an open source self-hosted Git service. In versions prior to 0.14.3, the fix for CVE-2022-1285 prevented adding webhooks or running them with URLs whose hostname resolves in localCIDRs. However, webhooks still follow redirects allowing access to hostnames inside localCIDRs.
A vulnerability in Rocket.Chat before versions 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11 allows an attacker to modify any field in their own upload record. This occurs because the sendFileMessage DDP method passes the entire file object into Uploads.updateFileComplete, which merges it directly into a MongoDB $set update via Object.assign without an allow-list of writable fields.

