CVE-2026-47715

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without requiring it to belong to the issue in the URL, enabling a logged-in user with access to one project to view ...

Astra Linux - уязвимость в libx11

A vulnerability was discovered in libX11. The security flaw arises because the functions in src/InitExt.c of libX11 do not check whether the values provided for the Request, Event, or Error IDs are within the bounds of the arrays to which those functions refer, by using those IDs as array indexes...

CVE-2026-33470

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...

EUVD-2025-60058

Malicious code in disturbedmeadowlarkz3n npm...

PuneethReddyHC Event Management 安全漏洞

PuneethReddyHC Event Management is an application by Puneeth Reddy H C Individual Developer. Helps users to register for events organized in university festivals with simple logic and security. A security vulnerability exists in PuneethReddyHC Event Management version 1.0, which stems from improp...

GHSA-PW86-QVX9-34R7 Liferay Portal Vulnerable to IDOR via audit events

Insecure Direct Object Reference IDOR vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported...

CVE-2016-0193

creationtimestamp| type| source ---|---|--- 2025-08-31 03:01:11+00:00| seen| MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d...

CVE-2022-49661

creationtimestamp| type| source ---|---|--- 2025-08-22 14:52:23+00:00| seen| MISP/24306fae-b16b-4478-9297-d2973cdb583c...

CVE-2025-21799

creationtimestamp| type| source ---|---|--- 2025-08-22 14:52:22+00:00| seen| MISP/24306fae-b16b-4478-9297-d2973cdb583c...

CVE-2025-21802

creationtimestamp| type| source ---|---|--- 2025-08-22 14:52:22+00:00| seen| MISP/24306fae-b16b-4478-9297-d2973cdb583c 2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

CVE-2019-6697

creationtimestamp| type| source ---|---|--- 2025-08-12 13:33:28+00:00| seen| MISP/02fb130c-7874-4693-9b66-81ed91a2e996 2025-08-21 03:19:32+00:00| seen| MISP/02fb130c-7874-4693-9b66-81ed91a2e996...

Path Traversal

bugsink is vulnerable to Path Traversal. The vulnerability is due to constructing file locations directly from untrusted eventid input without validation, which allows an attacker with access to a valid DSN to create or overwrite files in arbitrary locations...

CVE-2024-7767

creationtimestamp| type| source ---|---|--- 2025-08-11 18:27:49+00:00| seen| MISP/3e4b778d-5810-4171-a915-f1d106684af4...

Directory Traversal

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Directory Traversal via the getfilenameforeventid function when constructing file locations from untrusted eventid input without validation. An attacker can overwrite or create files in arbitrary...

GHSA-Q78P-G86F-JG6Q Bugsink path traversal via event_id in ingestion

Summary In affected versions, ingestion paths construct file locations directly from untrusted eventid input without validation. A specially crafted eventid can result in paths outside the intended directory, potentially allowing file overwrite or creation in arbitrary locations. Submitting such...

CVE-2024-51948

creationtimestamp| type| source ---|---|--- 2025-04-10 19:49:12+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11326 2025-08-19 13:26:46+00:00| seen| MISP/e1f6260f-3311-441b-92ae-e04cd5eb5f72...

PT-2025-27742

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A malicious USB device can send a WMI SWBA EVENTID event from an ath9k htc-managed device before beaconing has been enabled, causing a device-by-zero error in the driver. This can lead...

CVE-2025-30368

creationtimestamp| type| source ---|---|--- 2025-03-31 19:31:09+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9746 2025-03-31 21:43:20+00:00| seen| https://t.me/cvedetector/21638 2025-08-10 18:27:44+00:00| seen| MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c 2025-09-10...

CVE-2025-2976

creationtimestamp| type| source ---|---|--- 2025-03-31 09:09:17+00:00| seen| https://t.me/cvedetector/21556 2025-08-10 18:27:44+00:00| seen| MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c 2025-09-10 07:47:57+00:00| seen| MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c...

CVE-2025-20231

creationtimestamp| type| source ---|---|--- 2025-03-26 23:55:51+00:00| seen| https://t.me/cvedetector/21232 2025-08-10 18:27:45+00:00| seen| MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c 2025-09-10 07:48:00+00:00| seen| MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c...