Lucene search
K

41 matches found

CVE
CVE
added 4 days ago7 views

CVE-2026-58493

CVE-2026-58493 affects grav-plugin-database (Grav CMS) prior to 1.2.0. The plugin builds PDO DSN strings by concatenating user-configurable YAML values (host, dbname, charset, server, database, directory, filename) without sanitization, enabling an administrator with plugin config access to injec...

5.1CVSS6.1AI score0.00288EPSS
Exploits0References3
OSV
OSV
added last week4 views

DEBIAN-CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

8.8CVSS6.3AI score0.00498EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

8.8CVSS0.00498EPSS
Exploits0References4
CVE
CVE
added last week12 views

CVE-2026-14380

CVE-2026-14380 affects DBI for Perl when using versions before 1.650. A string assigned to the Profile attribute of a DBI handle is split into path, package and arguments, and the package name is interpolated in an unvalidated string eval, allowing arbitrary Perl code execution if untrusted data ...

8.8CVSS6.3AI score0.00498EPSS
Exploits0References4Affected Software1
The Hacker News
The Hacker News
added 2026/06/12 12:4 p.m.27 views

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code

Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence AI coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted usi...

6.6AI score
Exploits0
OSV
OSV
added 2026/05/21 12:28 p.m.12 views

MAL-2026-4564 Malicious code in finup-mongo-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d9d0b210938322b805e1c8d94db07f45ca029fc4e69fb3a57f424eb885c1a39 dist/common/instrument.js calls Sentry.init at module top level with a hardcoded DSN pointing at the author's Sentry project...

5.8AI score
Exploits0References12
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in libdbi-perl

A issue was discovered in the DBI module through version 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically specified via the fdir attribute in the data source name DSN. NOTE: This issue exists due to an incomplete fix for CVE-2014-10401...

6.1CVSS6.7AI score0.00488EPSS
Exploits1References2
OSV
OSV
added 2026/05/16 2:47 p.m.6 views

CLSA-2026-1778938383 Fix CVE(s): CVE-2026-43964

SECURITY UPDATE: Fix buffer over-read in DSN code parsing dsnsplit - debian/patches/CVE-2026-43964.patch: Fix buffer over-read in DSN code parsing dsnsplit - CVE-2026-43964...

7.5CVSS6AI score0.00415EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/29 9:37 p.m.95 views

Exploit for Server-Side Request Forgery in Chamilo Chamilo_Lms

CVE-2026-33715 — Unauthenticated SSRF + Open Email Relay in Ch...

7.2CVSS5.9AI score0.00208EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/04/16 4:32 p.m.7 views

CVE-2026-40091

A flaw was found in SpiceDB. When SpiceDB starts with log level info, the startup configuration log will expose the full datastore Data Source Name DSN, including the plaintext password. This vulnerability allows an attacker with access to these logs to obtain sensitive database credentials,...

6CVSS5.8AI score0.00166EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:5 p.m.6 views

CVE-2026-33715

Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs...

7.2CVSS5.8AI score0.00208EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/25 2:31 a.m.5 views

CVE-2026-27614

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...

9.3CVSS5.7AI score0.00286EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/20 9:56 p.m.31 views

CVE-2025-64508

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" highly compressed brotli streams, such as many zeros can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...

7.5CVSS6.8AI score0.00457EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/13 12:11 a.m.4 views

EUVD-2025-50819

Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input via CPU...

7.5CVSS6.3AI score0.00305EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/13 12:10 a.m.6 views

EUVD-2025-50818

Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input...

7.5CVSS6.3AI score0.00457EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/11/11 10:44 p.m.5 views

CVE-2025-64509

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.6, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups JavaScript...

7.5CVSS6.4AI score0.00457EPSS
Exploits0References1
NVD
NVD
added 2025/11/10 10:15 p.m.5 views

CVE-2025-64509

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.6, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups JavaScript...

7.5CVSS0.00305EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/10 9:44 p.m.10 views

CVE-2025-64508 Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" highly compressed brotli streams, such as many zeros can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...

7.5CVSS0.00457EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.5 views

PT-2025-46208

Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.0.6 Description Bugsink is a self-hosted error tracking tool. A specially crafted Brotli-compressed envelope can cause Bugsink to expend excessive CPU time during decompression, resulting in a denial of service. Thi...

7.5CVSS5.9AI score0.00305EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.6 views

PT-2025-46207

Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.0.5 Description Bugsink is a self-hosted error tracking tool susceptible to a Denial of Service. Specifically, specially crafted brotli compressed data streams, known as “bombs” highly compressed brotli streams...

7.5CVSS6AI score0.00457EPSS
Exploits0References19
Rows per page
Query Builder