Lucene search
K

4480 matches found

RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.13 views

CVE-2026-11362

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The formatevent method used by the event method does not validate the content of the tags, whi...

9.8CVSS5.4AI score0.00447EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.16 views

CVE-2026-9270

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The sendstats method does not remove newlines from metric names $stat variable, allowing attackers to change t...

9.1CVSS5.5AI score0.00331EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.7 views

EulerOS Virtualization 2.10.1 : vim (EulerOS-SA-2026-2039)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag...

7.5CVSS5.9AI score0.00284EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.11 views

EulerOS Virtualization 2.12.0 : vim (EulerOS-SA-2026-2116)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style...

7.8CVSS7.3AI score0.01162EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.9 views

EulerOS Virtualization 2.10.0 : vim (EulerOS-SA-2026-2066)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag...

7.5CVSS5.9AI score0.00284EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/05 9:45 p.m.9 views

Denial of Service (DoS)

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Denial of Service DoS through the ingestion process. An attacker can cause the application to become temporarily unavailable to other users by submitting an event containing an unusually large...

5.3CVSS5.6AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/05 9:45 p.m.12 views

Bugsink: DOS using large numbers of event tags

Summary In affected versions, Bugsink stores every tag supplied with an incoming event. An event with an unusually large number of custom i.e. supplied by an attacker tags can therefore make ingestion spend more time than intended writing tag rows. Bugsink uses a single-writer database...

5.5AI score0.00056EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/05 9:45 p.m.7 views

GHSA-5X67-J5XG-C5GJ Bugsink: DOS using large numbers of event tags

Summary In affected versions, Bugsink stores every tag supplied with an incoming event. An event with an unusually large number of custom i.e. supplied by an attacker tags can therefore make ingestion spend more time than intended writing tag rows. Bugsink uses a single-writer database...

4.3CVSS5.5AI score0.00056EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-6202

A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.7 views

CVE-2026-3673

An authenticated attacker can store a crafted tag value in usertags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects...

5.4CVSS5.7AI score0.00201EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-1338

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to delete protected container registry tags due to improper authorization...

4.3CVSS5.5AI score0.0019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.10 views

CVE-2026-42267

Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joi...

6.8CVSS5.3AI score0.0022EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.13 views

CVE-2026-42045

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the...

6.2CVSS6.1AI score0.00266EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.8 views

CVE-2026-4420

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its page creating functionality. An authenticated attacker with page creation privileges such as Author, Editor, or Administrator can embed a malicious JavaScript payload in the tags field of a newly created article. This payload will be...

5.4CVSS5.3AI score0.00161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.9 views

CVE-2026-40186

ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses allowedTags enforcement for text inside nonTextTagsArray elements textarea and option...

6.1CVSS5.7AI score0.00235EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.11 views

CVE-2026-39841

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS5.4AI score0.00158EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.8 views

CVE-2026-45342

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...

7.1CVSS5.4AI score0.00225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-39890

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed,...

9.8CVSS6.4AI score0.0058EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-44241

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation...

7.5CVSS5.6AI score0.00405EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 4:16 p.m.12 views

CVE-2026-9270

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The sendstats method does not remove newlines from metric names $stat variable, allowing attackers to change t...

9.1CVSS0.00331EPSS
Exploits0References3
Rows per page
Query Builder