Lucene search
+L

92 matches found

EUVD
EUVD
added 2026/04/10 7:30 p.m.4 views

EUVD-2026-21515

Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble...

7.1CVSS5.9AI score0.00299EPSS
Exploits0References3
OSV
OSV
added 2026/04/10 7:30 p.m.4 views

GHSA-8HW4-FHWW-273G Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble

Authenticated arbitrary file write in artifact bundle assembly Summary An authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a...

7.1CVSS6.2AI score0.00299EPSS
Exploits0References4
NVD
NVD
added 2026/04/10 6:16 p.m.2 views

CVE-2026-40162

Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem locatio...

7.1CVSS0.00299EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/10 5:2 p.m.28 views

CVE-2026-40162 Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble

Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem locatio...

7.1CVSS0.00299EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 5:2 p.m.2 views

CVE-2026-40162

Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem locatio...

7.1CVSS5.8AI score0.00299EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/10 5:2 p.m.14 views

CVE-2026-40162

Bugsink 2.1.0 is affected by an authenticated arbitrary file write in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem location writable by the Bugsink process. This results in potential im...

7.1CVSS5.8AI score0.00299EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/10 5:2 p.m.7 views

CVE-2026-40162 Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble

Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem locatio...

7.1CVSS5.8AI score0.00299EPSS
Exploits0References2
OSV
OSV
added 2026/04/10 5:2 p.m.3 views

CVE-2026-40162 Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble

Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem locatio...

7.1CVSS5.9AI score0.00299EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.6 views

PT-2026-32004

Name of the Vulnerable Software and Affected Versions Bugsink versions 2.1.0 Description A file write issue exists in Bugsink 2.1.0 within the artifact bundle assembly process. An authenticated user with a valid authentication token can write content to a filesystem location accessible to the...

7.1CVSS5.8AI score0.00299EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.7 views

Bugsink 输入验证错误漏洞

Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Version 2.1.0 of Bugsink contains a vulnerability related to input validation. This vulnerability stems from an authentication-related file writing issue during the package assembly process. It may allow users with...

7.1CVSS5.8AI score0.00299EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.8 views

CVE-2026-27614

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...

9.3CVSS5.7AI score0.00286EPSS
Exploits1References1
Snyk
Snyk
added 2026/02/25 6:17 a.m.3 views

Cross-site Scripting (XSS)

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Cross-site Scripting XSS in the pygmentizelines function. An attacker who can can submit events to a Bugsink project and convince a user to interact in the web UI with a stacktrace containing a...

9.3CVSS5.7AI score0.00286EPSS
Exploits1References2
NVD
NVD
added 2026/02/25 3:16 a.m.17 views

CVE-2026-27614

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...

9.3CVSS0.00286EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/25 2:31 a.m.3 views

CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...

9.3CVSS5.7AI score0.00286EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/25 2:31 a.m.5 views

CVE-2026-27614

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...

9.3CVSS5.7AI score0.00286EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/25 2:31 a.m.27 views

CVE-2026-27614

Bugsink (self-hosted error tracking) is affected by a Stored XSS in versions before 2.0.13. The root cause is how Pygments fallback in stacktrace rendering handles line mismatches: _pygmentize_lines() returns raw lines when line counts differ, and then mark_safe() is applied unconditionally to th...

9.3CVSS5.7AI score0.00286EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/25 2:31 a.m.27 views

CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...

9.3CVSS0.00286EPSS
Exploits1References3
OSV
OSV
added 2026/02/25 2:31 a.m.6 views

CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...

9.3CVSS5.9AI score0.00286EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.14 views

PT-2026-21841

Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.0.13 Description Bugsink is a self-hosted error tracking tool affected by a stored cross-site scripting XSS issue. An unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScrip...

9.3CVSS6AI score0.00286EPSS
Exploits1References16
RedhatCVE
RedhatCVE
added 2025/11/20 9:56 p.m.31 views

CVE-2025-64508

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" highly compressed brotli streams, such as many zeros can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...

7.5CVSS6.8AI score0.00457EPSS
Exploits0References1
Rows per page
Query Builder