A stored cross-site scripting vulnerability has been reported for Gogs. This vulnerability is due to improper validation of full names. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server.

A command injection vulnerability has been reported in VanDyke VShell Server. The vulnerability is caused by insufficient sanitization of input passed to trigger action commands.

An SQL injection has been reported in Delta Industrial Automation DIAEnergie. The vulnerability is due to insufficient input validation when processing requests to the DIAE_loopmapHandler.ashx endpoint.

An SQL injection has been reported in Delta Industrial Automation DIAEnergie. The vulnerability is due to lack of validation when processing order_by parameter in DIAE_dmdsetHandler.ashx endpoint.

Threat Encyclopedia

1231787

WEB Gogs Full Name Stored Cross-Site Scripting (CVE-2022-32174)

Critical

2026/02/03

1231299

WEB VanDyke VShell Server Trigger Command Injection (CVE-2022-28054)

Critical

2026/02/03

1231355

ICS Delta Industrial Automation DIAEnergie DIAE_loopmapHandler.ashx SQL Injection (CVE-2022-26887)

Critical

2026/02/03

1231683

ICS Delta Industrial Automation DIAEnergie DIAE_dmdsetHandler.ashx order_by SQL Injection (CVE-2022-26013)

Critical

2026/02/03