Lucene search
+L

385 matches found

osv
osv
added 2026/07/07 12:5 p.m.4 views

RLSA-2026:35826 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via...

8.2CVSS6.6AI score0.00478EPSS
Exploits0References2
circl
circl
added 2026/07/01 9:0 a.m.8 views

CVE-2026-10539

creationtimestamp| type| source ---|---|--- 2026-07-01 09:00:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116843900249979266 2026-07-01 09:00:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mpl5q6s6c62x 2026-07-01 09:13:02+00:00| seen|...

9.5CVSS5.9AI score0.00235EPSS
Exploits0References5
osv
osv
added 2026/06/30 3:58 p.m.4 views

CVE-2026-58375 JimuReport 2.5.0 - Unauthenticated Report Export via /jmreport/auto/export

JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so JimuReportTokenInterceptor skips all authentication and authorization, and the export service streams the rendered report for any supplied report id...

8.7CVSS6.1AI score0.00458EPSS
Exploits0References5
cve
cve
added 2026/06/25 8:38 p.m.11 views

CVE-2026-12473

OHIF Viewers are affected: two default-configured data sources, DICOMWebProxy and DICOMJSON, fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the user's OIDC Bearer token into those requests and transmits it to an attacker-controll...

8.3CVSS6AI score0.00232EPSS
Exploits0References2
euvd
euvd
added 2026/06/25 4:8 p.m.6 views

EUVD-2026-39470

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credentialid is supplied in th...

6.8CVSS5.9AI score0.00126EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/25 4:8 p.m.29 views

CVE-2026-55411 ToolJet: Cross-tenant credential decryption (IDOR) in POST /api/data-sources/decrypt — any authenticated user can decrypt any organization's data-source secrets

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credentialid is supplied in th...

6.8CVSS0.00126EPSS
Exploits0References1
osv
osv
added 2026/06/18 11:50 a.m.3 views

CVE-2026-11717

An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint RFC 7662, the toolbox decodes the response into an introspectResp struct where t...

9.3CVSS6AI score0.00195EPSS
Exploits0References3
githubexploit
githubexploit
added 2026/06/07 7:26 p.m.105 views

llm-endpoint-vulnerability-poc

LLM Endpoint Vulnerability PoC A proof-of-concept for exposin...

10CVSS7.1AI score0.99999EPSS
Exploits354
ptsecurity
ptsecurity
added 2026/06/05 12:0 a.m.16 views

PT-2026-46969

Name of the Vulnerable Software and Affected Versions DataDog::DogStatsd versions prior to 0.08 Description DataDog::DogStatsd does not properly sanitize input, which allows metric injections from untrusted sources. The format event method, utilized by the event method, fails to validate tag...

9.8CVSS5.4AI score0.00447EPSS
Exploits0References7
wizblog
wizblog
added 2026/05/28 1:34 p.m.16 views

State of Post Quantum Cryptography

Discussion of PQC relevant statistics that we see across our customers and other data sources...

5.8AI score
Exploits0
attackerkb
attackerkb
added 2026/05/27 5:3 p.m.8 views

CVE-2026-46427

Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as...

7.7CVSS5.8AI score0.00223EPSS
Exploits0References2Affected Software1
github
github
added 2026/05/27 4:57 p.m.23 views

Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction

GitHub Security Advisory Draft — GM-374 Summary Multiple locations in Pimcore v11 call PHP's unserialize on data from database columns and filesystem files without the allowedclasses restriction, enabling object injection if an attacker can control the serialized data source. Severity CVSS 3.1: 8...

6.5AI score0.00202EPSS
Exploits0References5Affected Software1
cnnvd
cnnvd
added 2026/05/27 12:0 a.m.13 views

Budibase 代码问题漏洞

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.1 contained code-related vulnerabilities. These vulnerabilities stemmed from the integratio...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/27 12:0 a.m.14 views

Budibase 安全漏洞

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that GET...

8.1CVSS5.8AI score0.00257EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/27 12:0 a.m.11 views

PT-2026-44147

GM-374 Summary Multiple locations in Pimcore v11 call PHP's unserialize on data from database columns and filesystem files without the allowed classes restriction, enabling object injection if an attacker can control the serialized data source. Affected Component - Package: pimcore/pimcore and...

8CVSS6.3AI score0.00202EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/05/27 12:0 a.m.14 views

PT-2026-44055

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.3 Description The removeSecrets function in the server SDK fails to mask datasource configuration fields unless their schema type is DatasourceFieldType.PASSWORD. Because the Snowflake integration defines the...

7.7CVSS5.8AI score0.00223EPSS
Exploits0References4
nessus
nessus
added 2026/05/27 12:0 a.m.8 views

FreeBSD : Grafana -- Public dashboards discloses all direct mode datasources (6b2bf8e9-5900-11f1-b525-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6b2bf8e9-5900-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2026-27877 reports: When using public dashboards a...

7.5CVSS5.8AI score0.00298EPSS
Exploits0References3
githubexploit
githubexploit
added 2026/05/22 10:20 p.m.123 views

cve-researcher

cve-researcher AI-powered CVE research in your terminal —...

10CVSS7.2AI score0.99999EPSS
Exploits354
circl
circl
added 2026/05/21 5:47 p.m.12 views

CVE-2026-28910

creationtimestamp| type| source ---|---|--- 2026-05-21 17:47:19+00:00| seen| https://infosec.exchange/users/alexandreborges/statuses/116613816857863838 2026-05-21 17:47:29+00:00| seen| https://bsky.app/profile/alexandreborges.bsky.social/post/3mmexyl75a22g 2026-05-22 04:40:06+00:00| seen|...

3.3CVSS5.8AI score0.00119EPSS
Exploits0References8
osv
osv
added 2026/05/21 4:27 p.m.7 views

RLSA-2023:2177 Moderate: grafana-pcp security and enhancement update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 For...

6.5CVSS7.3AI score0.02607EPSS
Exploits0References2
Rows per page
Query Builder