Lucene search
K

8276 matches found

Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.7 views

PT-2026-49061

Summary In affected versions, Bugsink stores every tag supplied with an incoming event. An event with an unusually large number of custom i.e. supplied by an attacker tags can therefore make ingestion spend more time than intended writing tag rows. Bugsink uses a single-writer database...

4.3CVSS5.5AI score0.00056EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.11 views

PT-2026-46972

Name of the Vulnerable Software and Affected Versions DataDog::DogStatsd versions prior to 0.08 Description DataDog::DogStatsd does not properly sanitize input, allowing metric injections from untrusted sources. The send stats function fails to remove newlines from the $stat variable, which enabl...

9.1CVSS5.5AI score0.00331EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/04 5:36 p.m.13 views

kas's late signature validation may allow unnoticed repository manipulations

Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...

5.8AI score0.00021EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/06/04 4:16 p.m.9 views

CVE-2026-38570

bacnetstack 1.3.1 contains an Out-of-bounds Read in bacnettagnumberdecode which allows attackers to cause a denial of service...

7.5CVSS0.00278EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 3:52 p.m.4 views

MINI-WJ5J-973C-7XPC

Bulletin has no description...

7.5CVSS5.7AI score0.00389EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.16 views

PT-2026-46256

bacnet stack 1.3.1 contains an Out-of-bounds Read in bacnet tag number decode which allows attackers to cause a denial of service...

5.8AI score0.00278EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:0 a.m.6 views

CVE-2026-38570

bacnetstack 1.3.1 contains an Out-of-bounds Read in bacnettagnumberdecode which allows attackers to cause a denial of service...

5.8AI score0.00278EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.16 views

PT-2026-46846

Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...

2.1CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46879

Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...

2.1CVSS5.8AI score0.00021EPSS
Exploits0References6
CVE
CVE
added 2026/06/04 12:0 a.m.24 views

CVE-2026-38570

CVE-2026-38570 : Affected component is bacnet_stack 1.3.1. The issue is an Out-of-bounds Read in bacnet_tag_number_decode, which leads to a denial of service. Documented impact is availability loss with a CVSS v3.1 base score of 7.5 (Network, Low attack complexity, No privileges or user interacti...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References2
Hacker One
Hacker One
added 2026/06/03 10:27 p.m.7 views

Revive Adserver: Reflected XSS via unsanitised refresh parameter in zone invocation tag

A missing sanitization of user input in the zone-include.php script of Revive Adserver 6.0.7 and earlier was reported. This vulnerability allowed a low-privileged user to perform reflected XSS attacks by exploiting the refresh parameter of the iFrame invocation tag...

6.1CVSS5.8AI score0.00215EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/03 1:2 p.m.33 views

CVE-2026-10729 HTML injection in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: fr...

2.1CVSS0.00204EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 1:2 p.m.8 views

CVE-2026-10729

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: fr...

2.1CVSS5.8AI score0.00204EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/02 10:52 p.m.12 views

CVE-2026-2614

A flaw was found in mlflow. An unauthenticated remote attacker can exploit a vulnerability in the createmodelversion handler by including a specific tag, mlflow.prompt.isprompt, in a CreateModelVersion request. This bypasses source path validation, allowing the attacker to specify an arbitrary...

7.5CVSS7.1AI score0.00657EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/02 10:2 p.m.10 views

CVE-2026-10287

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function getheaders of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

7.5CVSS6.8AI score0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 9:16 a.m.15 views

CVE-2026-9722

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00131EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/02 7:48 a.m.38 views

CVE-2026-9722 Laiser Tag <= 1.2.5 - Cross-Site Request Forgery to Plugin Settings Update via Settings Form

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00131EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 7:48 a.m.10 views

CVE-2026-9722 Laiser Tag <= 1.2.5 - Cross-Site Request Forgery to Plugin Settings Update via Settings Form

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.00131EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/02 7:48 a.m.11 views

EUVD-2026-33899

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.00131EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:48 a.m.10 views

CVE-2026-9722

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.00131EPSS
Exploits0References5
Rows per page
Query Builder