CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

747 matches found

Github Security Blog•added 2026/06/12 3:4 p.m.•10 views

Firefly II has Stored XSS in Audit Log Entry view via piggy bank name (ale.twig)

Summary The Twig template resources/views/list/ale.twig renders the piggy bank name from AuditLogEntry.after.piggy using the |raw filter, bypassing Twig's auto-escaping. A piggy bank created with an HTML payload in its name executes arbitrary JavaScript in any browser viewing that transaction's...

5.5AI score

Exploits0References3Affected Software1

OSV•added 2026/06/12 3:4 p.m.•4 views

GHSA-6JQ6-X4CX-QVCM Firefly II has Stored XSS in Audit Log Entry view via piggy bank name (ale.twig)

5.1CVSS5.5AI score

Exploits0References3

CNNVD•added 2026/06/11 12:0 a.m.•9 views

Cerebrate 信息泄露漏洞

Cerebrate is an open-source platform developed by Cerebrate. It aims to act as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there was a vulnerability involving information leakage, which stemmed from exposing...

5.1CVSS5.3AI score0.00242EPSS

Exploits0References1

RedhatCVE•added 2026/06/09 2:59 p.m.•7 views

CVE-2026-8078

Stored cross-site scripting in the global settings change log in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the...

4.8CVSS5.2AI score0.00142EPSS

Exploits0References1

Cvelist•added 2026/06/09 1:11 p.m.•29 views

CVE-2026-11792 389-ds-base: 389-ds-base: heap buffer overflow in audit log password masking (create_masked_entry_string)

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged requiri...

3.3CVSS0.00257EPSS

Exploits0References4

Tenable Nessus•added 2026/06/09 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-11792

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a...

3.3CVSS5.6AI score0.00257EPSS

Exploits0References4

Github Security Blog•added 2026/06/08 11:35 p.m.•8 views

nebula-mesh: GET /api/v1/audit-log discloses all entries to any operator

internal/api/audit.go:12 — handleGetAuditLog does no admin check. The route is bearer-auth gated only; any operator API key returns the full audit log via store.ListAuditEntries up to limit=1000. This includes cross-tenant actor names, host/CA/operator IDs, action timestamps, and masked-IP entrie...

5.5AI score0.00043EPSS

Exploits0References4Affected Software1

OSV•added 2026/06/08 11:35 p.m.•7 views

GHSA-QM33-P5P9-F8VG nebula-mesh: GET /api/v1/audit-log discloses all entries to any operator

7.1CVSS5.5AI score0.00043EPSS

Exploits0References4

NVD•added 2026/06/08 1:16 p.m.•10 views

CVE-2026-8078

4.8CVSS0.00142EPSS

Exploits0References1

OSV•added 2026/06/08 1:16 p.m.•5 views

UBUNTU-CVE-2026-8078

4.8CVSS5.2AI score0.00142EPSS

Exploits0References3

Vulnrichment•added 2026/06/08 12:6 p.m.•8 views

CVE-2026-8078 Fix stored XSS in global settings change log

4.8CVSS5.2AI score0.00142EPSS

Exploits0References1

EUVD•added 2026/06/08 12:6 p.m.•8 views

EUVD-2026-35052

4.8CVSS5.2AI score0.00142EPSS

Exploits0References1

Cvelist•added 2026/06/08 12:6 p.m.•41 views

CVE-2026-8078 Fix stored XSS in global settings change log

4.8CVSS0.00142EPSS

Exploits0References1

CVE•added 2026/06/08 12:6 p.m.•24 views

CVE-2026-8078

CVE-2026-8078 is a stored cross-site scripting vulnerability in Checkmk’s global settings change log. It affects Checkmk versions <2.5.0p5, <2.4.0p31,

4.8CVSS5.2AI score0.00142EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/06/08 12:0 a.m.•8 views

PT-2026-47623

7.1CVSS5.5AI score0.00043EPSS

Exploits0References5

Positive Technologies•added 2026/06/08 12:0 a.m.•7 views

PT-2026-47286

4.8CVSS5.2AI score0.00142EPSS

Exploits0References2

Positive Technologies•added 2026/06/08 12:0 a.m.•7 views

PT-2026-47578

7.1CVSS5.5AI score

Exploits0References5

RedhatCVE•added 2026/06/06 12:43 p.m.•13 views

CVE-2026-21028

Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

5.5CVSS5.4AI score0.00093EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:50 p.m.•5 views

CVE-2021-47935

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS6.7AI score0.00927EPSS

Exploits1References1

NVD•added 2026/06/05 11:16 a.m.•11 views

CVE-2026-21028

Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

5.5CVSS0.00093EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by