Lucene search
+L

386 matches found

UbuntuCve
UbuntuCve
added 2026/02/12 9:16 a.m.4 views

CVE-2025-41117

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

6.8CVSS5.8AI score0.00239EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/12 8:49 a.m.6 views

CVE-2025-41117 XSS in Grafana Explore stack trace

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

6.8CVSS5.5AI score0.00239EPSS
Exploits0References1
OSV
OSV
added 2026/02/12 8:49 a.m.4 views

CVE-2025-41117 XSS in Grafana Explore stack trace

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

6.8CVSS6.6AI score0.00239EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/02/12 8:49 a.m.4 views

CVE-2025-41117

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

6.8CVSS5.5AI score0.00239EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/02/11 12:0 a.m.6 views

TRACE: Timely Retrieval and Alignment for Cybersecurity Knowledge Graph Construction and Expansion

The rapid evolution of cyber threats has highlighted significant gaps in security knowledge integration. Cybersecurity Knowledge Graphs CKGs relying on structured data inherently exhibit hysteresis, as the timely incorporation of rapidly evolving unstructured data remains limited, potentially...

5.7AI score
Exploits0
Veracode
Veracode
added 2026/01/19 9:35 a.m.6 views

Remote Code Execution (RCE)

UmbracoForms is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of user-supplied WSDL URLs used as data sources, which allows an authenticated attacker to supply a malicious web service definition and execute arbitrary code on the server...

7.5CVSS6.3AI score0.00681EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:29 a.m.9 views

CVE-2023-29046

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...

4.3CVSS6.9AI score0.00478EPSS
Exploits0References1
Circl
Circl
added 2025/12/24 5:37 a.m.7 views

CVE-2025-13773

creationtimestamp| type| source ---|---|--- 2025-12-24 05:37:02+00:00| seen| https://infosec.exchange/users/offseq/statuses/115772923621574352 2025-12-24 05:37:03+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mapkafmwk626 2025-12-24 05:45:28+00:00| seen|...

9.8CVSS5.7AI score0.032EPSS
Exploits0References6
Securelist
Securelist
added 2025/12/23 12:0 p.m.9 views

Assessing SIEM effectiveness

A SIEM is a complex system offering broad and flexible threat detection capabilities. Due to its complexity, its effectiveness heavily depends on how it is configured and what data sources are connected to it. A one-time SIEM setup during implementation is not enough: both the organization's...

6.5AI score
Exploits0
Circl
Circl
added 2025/12/02 2:49 p.m.4 views

CVE-2025-64460

creationtimestamp| type| source ---|---|--- 2025-12-02 14:49:11+00:00| seen| https://seclists.org/oss-sec/2025/q4/226 2025-12-02 16:31:29+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3m6zekey5zw22 2025-12-02 19:01:50+00:00| seen|...

7.5CVSS7.6AI score0.02143EPSS
Exploits0References7
Circl
Circl
added 2025/11/27 6:36 a.m.6 views

CVE-2025-13540

creationtimestamp| type| source ---|---|--- 2025-11-27 06:36:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m6lqxlntkn2q 2025-11-27 07:33:58+00:00| seen| https://infosec.exchange/users/offseq/statuses/115620501057288487 2025-11-27 07:34:07+00:00| seen|...

9.8CVSS5.7AI score0.00312EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2025/11/21 12:0 a.m.7 views

ReVul-CoT: Towards Effective Software Vulnerability Assessment with Retrieval-Augmented Generation and Chain-Of-Thought Prompting

Context: Software Vulnerability Assessment SVA plays a vital role in evaluating and ranking vulnerabilities in software systems to ensure their security and reliability. Objective: Although Large Language Models LLMs have recently shown remarkable potential in SVA, they still face two major...

6.8AI score
Exploits0
NVD
NVD
added 2025/11/12 9:15 a.m.11 views

CVE-2025-64403

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache...

8.1CVSS0.01292EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/12 9:4 a.m.7 views

CVE-2025-64403 Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache...

0.01292EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/12 9:4 a.m.1 views

CVE-2025-64403 Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache...

6.4AI score0.01292EPSS
Exploits0References2
CVE
CVE
added 2025/11/12 9:4 a.m.22 views

CVE-2025-64403

CVE-2025-64403 affects Apache OpenOffice up to version 4.1.15 (Calc external data sources and other external links). Root cause is missing authorization checks that allow an attacker to craft a document to load links without prompting the user. A fix is available in OpenOffice 4.1.16. Other relat...

8.1CVSS6.4AI score0.01292EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.7 views

Apache OpenOffice 安全漏洞

Apache OpenOffice is an open source office software suite from the Apache USA Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases and more. A security vulnerability exists in Apache OpenOffice versions 4.1.15 and earlier, which stems from a lack of...

8.1CVSS6.7AI score0.01292EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/10 9:27 a.m.4 views

CVE-2025-12405 Unauthorized access through stored credentials in Looker Studio

An improper privilege management vulnerability was found in Looker Studio. It impacted all JDBC-based connectors. A Looker Studio user with report view access could make a copy of the report and execute arbitrary SQL that would run on the data source database due to the stored credentials attache...

7.7CVSS7.2AI score0.0025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.10 views

PT-2025-45609

Name of the Vulnerable Software and Affected Versions Looker Studio affected versions not specified Description An improper privilege management issue was identified in Looker Studio, affecting all JDBC-based connectors. A Looker Studio user with report view access could create a copy of a report...

7.7CVSS7.1AI score0.0025EPSS
Exploits0References7
Circl
Circl
added 2025/11/05 8:57 a.m.3 views

CVE-2025-31133

creationtimestamp| type| source ---|---|--- 2025-11-05 08:57:06+00:00| seen| https://seclists.org/oss-sec/2025/q4/138 2025-11-05 10:35:36+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3m4uu364gd32h 2025-11-05 14:59:52+00:00| seen|...

7.8CVSS7.7AI score0.0067EPSS
Exploits2References55
Rows per page
Query Builder