Lucene search
K

97 matches found

CVE
CVE
added 5 days ago7 views

CVE-2026-55879

OpenReplay (self-hosted) versions 1.24.0–1.24.x are affected by an unauthenticated stored XSS in the tracking SDK. The SDK accepts custom event names and captured page URLs from any visitor using a public project key and stores data in ClickHouse without output encoding. When rendered in the auth...

9.3CVSS6.1AI score0.00274EPSS
Exploits0References3
NVD
NVD
added 6 days ago6 views

CVE-2026-45780

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, EventSerializer could expose invited group names, sample invitees, and attendance statistics to users who could view the topic but were not entitled to view the private event invitee list. This...

5.3CVSS0.00399EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-60125

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References2
EUVD
EUVD
added last week6 views

EUVD-2026-42241

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added last week5 views

EUVD-2026-42239

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS6AI score0.0022EPSS
Exploits0References1
CVE
CVE
added last week7 views

CVE-2026-60124

The CVE-2026-60124 in MISP concerns an authorization bypass in EventsController::importModule(). When an import module returns results in the misp_standard format, the write path failed to verify event modification rights, allowing authenticated users or read-only API keys with event view access ...

5.3CVSS6AI score0.0022EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 6:16 a.m.14 views

CVE-2026-10029

The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the getevents. This makes it possible for unauthenticated attackers to extract sensitive data including...

5.3CVSS0.0031EPSS
Exploits0References12
EUVD
EUVD
added 2026/06/18 4:31 a.m.13 views

EUVD-2026-37841

The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the getevents. This makes it possible for unauthenticated attackers to extract sensitive data including...

5.3CVSS5.1AI score0.0031EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50620

Name of the Vulnerable Software and Affected Versions Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress versions prior to 1.3.13.2 Description Sensitive information exposure occurs via the get events function. This allows unauthenticated attackers to extra...

5.3CVSS5.9AI score0.0031EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.20 views

PT-2026-48477

Affected: @hulumi/baseline 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-1059 Insufficient Technical Documentation / Behavioral Inconsistency Summary The S3 bucket that AccountFoundation creates to receive CloudTrail and AWS Config audit logs is meant to be tamper-resistant — if someone with...

7.1CVSS5.5AI score0.00041EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 10:16 a.m.9 views

UBUNTU-CVE-2026-46140

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...

7.1CVSS5.7AI score0.00131EPSS
Exploits0References7
NVD
NVD
added 2026/05/26 5:16 p.m.25 views

CVE-2026-47715

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a...

3.1CVSS0.00154EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

Bugsink 安全漏洞

Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Versions of Bugsink prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the event pages did not require events to be issues within URLs, which could allow authenticat...

3.1CVSS5.8AI score0.00154EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/27 12:4 a.m.8 views

EUVD-2026-25742

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

5.1CVSS5.6AI score0.00177EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/17 11:21 p.m.1 views

CVE-2026-26004 Sentry allows unauthorized access to event data across organizational boundaries

Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference IDOR vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue...

7.1CVSS5.8AI score0.00241EPSS
Exploits1References3
CVE
CVE
added 2026/03/17 11:21 p.m.41 views

CVE-2026-26004

CVE-2026-26004 (Sentry) : A cross-organization insecure direct object reference (IDOR) exists in Sentry’s GroupEventJsonView endpoint for versions prior to 26.1.0. This could allow unauthorized access to event data across organizational boundaries. The issue is mitigated by upgrading to version 2...

7.1CVSS5.8AI score0.00241EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/17 11:21 p.m.4 views

CVE-2026-26004 Sentry allows unauthorized access to event data across organizational boundaries

Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference IDOR vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue...

7.1CVSS5.9AI score0.00241EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/15 1:35 p.m.3 views

CVE-2026-28521

arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An attacker who hijacks or controls the Tuya cloud service can issue malicious DP event data to victim devices, causing out-of-bounds memory access that may result in information...

7.7CVSS5.8AI score0.00212EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 10:2 a.m.8 views

CVE-2011-0756

The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port...

5CVSS6.8AI score0.01064EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.9 views

PT-2025-52906

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s coresight component, specifically within the tmc subsystem. The issue stems from a missing handle for events, which is crucial for retrieving auxiliar...

9.8CVSS6.3AI score0.00378EPSS
Exploits8References412
Rows per page
Query Builder