Lucene search
K

4429 matches found

CNNVD
CNNVD
added 2026/03/28 12:0 a.m.8 views

OpenUI 代码注入漏洞

OpenUI is an open source UI program. A cross-site scripting vulnerability exists in OpenUI 1.0 and earlier versions. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the file frontend/public/annotator/index.html, which can be exploited by an...

5.1CVSS5.9AI score0.00191EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/27 8:35 p.m.2 views

Cross-site Scripting (XSS)

Overview home-assistant-frontend is a The Home Assistant frontend Affected versions of this package are vulnerable to Cross-site Scripting XSS via the History-graph card in the history graph display component. An attacker can execute arbitrary JavaScript in a victim’s browser by supplying a...

8.8CVSS5.9AI score0.00202EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/27 7:58 p.m.13 views

Clerk: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host

Summary The clerkFrontendApiProxy function in @clerk/backend is vulnerable to Server-Side Request Forgery SSRF. An unauthenticated attacker can craft a request path that causes the proxy to send the application's Clerk-Secret-Key to an attacker-controlled server. Affected packages Only applicatio...

7.4CVSS6AI score0.00309EPSS
Exploits0References3Affected Software4
OSV
OSV
added 2026/03/27 7:58 p.m.4 views

GHSA-GJXX-92W9-8V8F Clerk: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host

Summary The clerkFrontendApiProxy function in @clerk/backend is vulnerable to Server-Side Request Forgery SSRF. An unauthenticated attacker can craft a request path that causes the proxy to send the application's Clerk-Secret-Key to an attacker-controlled server. Affected packages Only applicatio...

7.4CVSS6AI score0.00309EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/27 7:58 p.m.11 views

Server-side Request Forgery (SSRF)

Overview @clerk/backend is a Clerk Backend SDK - REST Client for Backend API & JWT verification utilities Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the clerkFrontendApiProxy function. An attacker can obtain secret keys by crafting a request path that...

9.1CVSS5.9AI score0.00309EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 6:39 p.m.4 views

GO-2026-4858 BuildKit's Malicious frontend can cause file escape outside of storage root in github.com/moby/buildkit

BuildKit's Malicious frontend can cause file escape outside of storage root in github.com/moby/buildkit...

9.8CVSS5.8AI score0.00498EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 2:24 a.m.1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal when using a custom frontend. An attacker can write files outside of the intended storage root by crafting a malicious API message when an untrusted frontend is used with syntax or --build-arg BUILDKITSYNTAX. Note:...

9.8CVSS6.5AI score0.00498EPSS
Exploits0References2
NVD
NVD
added 2026/03/27 1:16 a.m.2 views

CVE-2026-33747

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

9.8CVSS0.00498EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 1:16 a.m.4 views

DEBIAN-CVE-2026-33747

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

9.8CVSS5.9AI score0.00498EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/27 12:49 a.m.28 views

CVE-2026-33747 BuildKit vulnerable to malicious frontend causing file escape outside of storage root

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

8.4CVSS0.00498EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/27 12:49 a.m.7 views

CVE-2026-33747

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

9.8CVSS5.9AI score0.00498EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/27 12:49 a.m.3 views

CVE-2026-33747 BuildKit vulnerable to malicious frontend causing file escape outside of storage root

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

8.4CVSS6AI score0.00498EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:49 a.m.2 views

CVE-2026-33747

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

8.4CVSS6AI score0.00498EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/27 12:49 a.m.36 views

CVE-2026-33747

CVE-2026-33747 affects BuildKit prior to v0.28.1. When using a custom BuildKit frontend, an untrusted frontend can craft an API message to cause files to be written outside the BuildKit state directory for the execution context, potentially enabling local privilege escalation or unauthorized file...

9.8CVSS6AI score0.00498EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/27 12:49 a.m.6 views

CVE-2026-33747 BuildKit vulnerable to malicious frontend causing file escape outside of storage root

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

8.4CVSS6AI score0.00498EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/03/27 12:49 a.m.5 views

CVE-2026-33747

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

9.8CVSS6AI score0.00498EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-33747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a...

9.8CVSS7.2AI score0.00498EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.9 views

PT-2026-28602

Summary The clerkFrontendApiProxy function in @clerk/backend is vulnerable to Server-Side Request Forgery SSRF. An unauthenticated attacker can craft a request path that causes the proxy to send the application's Clerk-Secret-Key to an attacker-controlled server. Affected packages Only applicatio...

7.4CVSS6AI score0.00309EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/26 6:26 p.m.11 views

BuildKit's Malicious frontend can cause file escape outside of storage root

Impact When using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. Patches The issue has been fixed in v0.28.1+ Workarounds Issue requires using an untrusted BuildKit frontend set...

9.8CVSS5.9AI score0.00498EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/03/26 6:26 p.m.4 views

EUVD-2026-16518

BuildKit's Malicious frontend can cause file escape outside of storage root...

8.4CVSS5.8AI score0.00498EPSS
Exploits0References2
Rows per page
Query Builder