Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

52229 matches found

vulnersOsv
vulnersOsvadded 2026/02/11 9:30 p.m.3 views

0.edsql (>=1.0.49 <=1.0.50), 4itech-schematics (>=10.0.2-0 <=11.7.0-5) +9716 more potentially affected by CVE-2025-69873 via ajv (>=7.0.0-beta.0 <=8.17.1)

ajv NPM version =7.0.0-beta.0, =1.0.49, =10.0.2-0, =4.11.2, =0.1.0, =0.1.1, =0.0.1-251008.90016, =1.0.0, =1.4.0, =0.0.2, =2.0.0, =11.7.0, =0.1.0, =0.6.111, =15.0.0, =20.0.0-renovate-fd1892-me5sbqz0 and more Source cves: CVE-2025-69873 Source advisory: OSV:GHSA-2G4F-4PWH-QVX6...

7.5CVSS6.6AI score0.00015EPSS
Exploits1
Github Security Blog
Github Security Blogadded 2026/02/11 9:30 p.m.7 views

ajv has ReDoS when using `$data` option

ajv Another JSON Schema Validator through version 8.17.1 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor...

7.5CVSS5.9AI score0.00015EPSS
Exploits1References10Affected Software1
Vulnrichment
Vulnrichmentadded 2026/02/11 9:5 p.m.2 views

CVE-2026-26010 Leaky JWTs in OpenMetadata exposing highly-privileged bot users

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...

7.6CVSS5.5AI score0.00018EPSS
Exploits1References2
CVE
CVEadded 2026/02/11 9:5 p.m.8 views

CVE-2026-26010

OpenMetadata CVE-2026-26010 describes a leakage of JWTs through calls to /api/v1/ingestionPipelines from the UI, prior to version 1.11.8. Read-only users could obtain tokens used by the ingestion-bot for services such as Glue, Redshift, and Postgres, enabling access to a highly privileged Ingesti...

7.6CVSS7.3AI score0.00018EPSS
Exploits1References2Affected Software1
CVE
CVEadded 2026/02/11 8:23 p.m.6 views

CVE-2026-25062

Outline (the Outline service) prior to version 1.4.0 is vulnerable via JSON import where attachments[].key is passed to path.join(rootPath, node.key) and then read with fs.readFile without validation, enabling path traversal (e.g., ../ or absolute paths) to read arbitrary server files and import ...

5.5CVSS5.8AI score0.00038EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/02/11 8:23 p.m.20 views

CVE-2026-25062 Outline Affected an Arbitrary File Read via Path Traversal in JSON Import

Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments.key from the imported JSON is passed directly to path.joinrootPath, node.key and then read using fs.readFile without validation. By embedding path traversal...

5.5CVSS0.00038EPSS
Exploits1References2
OSV
OSVadded 2026/02/11 8:23 p.m.4 views

CVE-2026-25062 Outline Affected an Arbitrary File Read via Path Traversal in JSON Import

Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments.key from the imported JSON is passed directly to path.joinrootPath, node.key and then read using fs.readFile without validation. By embedding path traversal...

5.5CVSS5.9AI score0.00038EPSS
Exploits1References4
RedhatCVE
RedhatCVEadded 2026/02/11 7:44 p.m.2 views

CVE-2025-6967

Execution After Redirect EAR vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking aka JavaScript Hijacking, Authentication Bypass.This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure but...

8.7CVSS5.4AI score0.00033EPSS
Exploits0References1
OSV
OSVadded 2026/02/11 7:15 p.m.2 views

DEBIAN-CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

2.9CVSS6.4AI score0.00015EPSS
Exploits1References1
NVD
NVDadded 2026/02/11 7:15 p.m.4 views

CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

7.5CVSS0.00015EPSS
Exploits1References6
OSV
OSVadded 2026/02/11 7:15 p.m.0 views

UBUNTU-CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

7.5CVSS6.5AI score0.00015EPSS
Exploits1References3
Snyk
Snykadded 2026/02/11 2:23 p.m.1 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the api/v1/ingestionPipelines endpoint, which exposes JWT tokens used by privileged bot accounts in API responses. An attacker can gain unauthorized access to sensitive data and...

7.6CVSS5.6AI score0.00018EPSS
Exploits1References2
NVD
NVDadded 2026/02/11 12:16 p.m.3 views

CVE-2026-0958

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits...

7.5CVSS0.00037EPSS
Exploits0References3
OSV
OSVadded 2026/02/11 12:16 p.m.0 views

UBUNTU-CVE-2026-0958

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits...

7.5CVSS5.8AI score0.00037EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/02/11 11:33 a.m.22 views

CVE-2026-0958 Interpretation Conflict in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits...

7.5CVSS0.00037EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/02/11 11:33 a.m.3 views

CVE-2026-0958

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits...

7.5CVSS5.6AI score0.00037EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/02/11 11:33 a.m.3 views

CVE-2026-0958 Interpretation Conflict in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits...

7.5CVSS5.6AI score0.00037EPSS
Exploits0References3
CVE
CVEadded 2026/02/11 11:33 a.m.11 views

CVE-2026-0958

CVE-2026-0958 affects GitLab CE/EE versions 18.4 up to before 18.6.6, 18.7 up to before 18.7.4, and 18.8 up to before 18.8.4. An unauthenticated user could cause a denial of service by exhausting memory or CPU, via bypassing JSON validation middleware limits. GitLab has remediated with patch rele...

7.5CVSS5.6AI score0.00037EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVEadded 2026/02/11 11:33 a.m.5 views

CVE-2026-0958

Removed by vendor...

7.5CVSS5.8AI score0.00037EPSS
Exploits0
OSV
OSVadded 2026/02/11 11:33 a.m.2 views

CVE-2026-0958 Interpretation Conflict in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits...

7.5CVSS5.6AI score0.00037EPSS
Exploits0References6
Rows per page
Query Builder