13 matches found

EUVD
added 2026/05/26 4:13 p.m. | 15 views

EUVD-2026-31855

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...

CVSS 4.3 | AI score 5.8 | EPSS 0.00286
Exploits: 0 | References: 3

NVD
added 2026/04/10 6:16 p.m. | 2 views

CVE-2026-40162

Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem locatio...

CVSS 7.1 | EPSS 0.00299
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/25 12:00 a.m. | 10 views

PT-2026-21841

Name of the Vulnerable Software and Affected Versions: Bugsink versions prior to 2.0.13. Description: Bugsink is a self-hosted error tracking tool affected by a stored cross-site scripting (XSS) issue. An unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScrip...

CVSS 9.3 | AI score 6 | EPSS 0.00286
Exploits: 1 | References: 16

EUVD
added 2025/11/13 12:11 a.m. | 3 views

EUVD-2025-50819

Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input via CPU...

CVSS 7.5 | AI score 6.3 | EPSS 0.00279
Exploits: 0 | References: 3

OSV
added 2025/11/13 12:11 a.m. | 5 views

GHSA-RRX3-2X4G-MQ2H Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)

Impact: In affected versions, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups (JavaScript, Mobile Apps). Patches: Patched in Bugsink 2.0...

CVSS 7.5 | AI score 6.3 | EPSS 0.00279
Exploits: 0 | References: 4

Snyk
added 2025/11/10 10:43 p.m. | 5 views

Allocation of Resources Without Limits or Throttling

Overview: bugsink is a Self-hosted Error Tracking. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Brotli Decompression process. An attacker can cause excessive CPU consumption by submitting a specially crafted Brotli-compressed...

CVSS 8.7 | AI score 6.7 | EPSS 0.00279
Exploits: 0 | References: 2

CVE
added 2025/11/10 9:44 p.m. | 14 views

CVE-2025-64508

CVE-2025-64508 affects Bugsink, a self-hosted error-tracking tool. In versions prior to 2.0.5, specially crafted Brotli streams (brotli bombs) can cause memory exhaustion when the server decompresses input before applying limits, enabling a Denial of Service if the DSN is known. The issue is expl...

CVSS 7.5 | AI score 6.4 | EPSS 0.00418
Exploits: 0 | References: 8

OSV
added 2025/11/10 9:44 p.m. | 4 views

CVE-2025-64508 Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...

CVSS 7.5 | AI score 6.4 | EPSS 0.00418
Exploits: 0 | References: 10

CNNVD
added 2025/11/10 12:00 a.m. | 2 views

Bugsink Security Vulnerability

Bugsink is a self-hosted bug tracking software from Bugsink Open Source. A security vulnerability exists in Bugsink versions prior to 2.0.5 that stems from the server not applying a maximum limit when processing highly compressed brotli streams, which could lead to memory exhaustion and denial of...

CVSS 7.5 | AI score 6.2 | EPSS 0.00418
Exploits: 0 | References: 9

Positive Technologies
added 2025/11/10 12:00 a.m. | 5 views

PT-2025-46207

Name of the Vulnerable Software and Affected Versions: Bugsink versions prior to 2.0.5. Description: Bugsink is a self-hosted error tracking tool susceptible to a Denial of Service. Specifically, specially crafted brotli compressed data streams, known as “bombs” highly compressed brotli streams...

CVSS 7.5 | AI score 6.5 | EPSS 0.00418
Exploits: 0 | References: 14

OSV
added 2025/07/30 2:29 p.m. | 5 views

CVE-2025-54433 Bugsink is vulnerable to Path Traversal attacks via event_id in ingestion

Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted event_id input without validation. A specially crafted event_id can result in paths outsi...

CVSS 7.2 | AI score 6.6 | EPSS 0.00538
Exploits: 0 | References: 11

CVE
added 2025/07/30 2:29 p.m. | 21 views

CVE-2025-54433

Bugsink suffers from a Path Traversal vulnerability (CVE-2025-54433) where ingestion paths are constructed from unvalidated event_id input. Affected versions include 1.4.2 and earlier, 1.5.0–1.5.4, 1.6.0–1.6.3, and 1.7.0–1.7.3. An attacker with a valid DSN can craft an event_id to cause file writ...

CVSS 7.2 | AI score 6.5 | EPSS 0.00538
Exploits: 0 | References: 9

Cvelist
added 2025/07/30 2:29 p.m. | 7 views

CVE-2025-54433 Bugsink is vulnerable to Path Traversal attacks via event_id in ingestion

Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted event_id input without validation. A specially crafted event_id can result in paths outsi...

CVSS 7.2 | EPSS 0.00538
Exploits: 0 | References: 9