Lucene search
+L

41 matches found

circl
circl
added 2026/07/08 10:2 p.m.7 views

CVE-2026-59803

creationtimestamp| type| source ---|---|--- 2026-07-08 22:02:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq64ouacqi2t 2026-07-09 00:15:02+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-59803...

8.7CVSS5.9AI score0.00408EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.14 views

PT-2026-51104

Name of the Vulnerable Software and Affected Versions @tinacms/app versions prior to 2.5.6 tinacms versions prior to 3.9.3 Description Cross-origin postMessage handlers allow for stored XSS and session takeover. The software registers window message listeners—specifically the useTina overlay...

8.5CVSS5.8AI score0.00196EPSS
Exploits0References6
nvd
nvd
added 2026/05/26 8:16 p.m.15 views

CVE-2026-44214

eventsource-encoder encodes events as well-formed EventSource/Server Sent Event SSE messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Event...

5.8CVSS0.00277EPSS
Exploits1References1
osv
osv
added 2026/05/26 7:34 p.m.3 views

CVE-2026-44214 eventsource-encoder: SSE event injection via unsanitized event and id fields

eventsource-encoder encodes events as well-formed EventSource/Server Sent Event SSE messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Event...

5.8CVSS6.1AI score0.00277EPSS
Exploits1References3
circl
circl
added 2026/05/26 7:28 p.m.12 views

CVE-2026-44668

creationtimestamp| type| source ---|---|--- 2026-05-26 19:28:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmrq2hvnlt2p...

9.8CVSS5AI score0.00364EPSS
Exploits0References1
cve
cve
added 2026/05/26 4:42 p.m.18 views

CVE-2026-46431

CVE-2026-46431 affects Algernon’s SSE event server prior to version 1.17.7, where Access-Control-Allow-Origin was hardcoded to “*”. This allowed cross-origin EventSource connections to read the live filename stream, compromising confidentiality. The issue is fixed in 1.17.7; upgrading to that ver...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References1
osv
osv
added 2026/05/20 3:34 p.m.11 views

GHSA-HW27-4V2Q-5QFF Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: *

Summary The SSE event server's Access-Control-Allow-Origin response header was hardcoded to the wildcard regardless of the caller's Origin. Because EventSource does not preflight and does not send cookies, the wildcard is sufficient to let any third-party page the developer visits open a...

4.3CVSS5.9AI score0.00219EPSS
Exploits0References3
circl
circl
added 2026/04/29 8:25 p.m.7 views

CVE-2018-25314

creationtimestamp| type| source ---|---|--- 2026-04-29 20:25:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mknwnpzlsb2o 2026-04-29 20:39:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mknxfzyb4u2c...

8.6CVSS4.8AI score0.00165EPSS
Exploits0References2
circl
circl
added 2026/04/17 10:9 a.m.6 views

CVE-2026-40002

creationtimestamp| type| source ---|---|--- 2026-04-17 10:09:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjools7oae2f...

8.8CVSS5.7AI score0.00121EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/03/12 12:0 a.m.3 views

PT-2026-25030

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. Th...

4.8CVSS5.8AI score0.00143EPSS
Exploits1References2
circl
circl
added 2026/03/06 2:4 a.m.8 views

CVE-2026-28486

creationtimestamp| type| source ---|---|--- 2026-03-06 02:04:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mge7w4w5mz2u...

6.8CVSS5.9AI score0.00152EPSS
Exploits0References1
circl
circl
added 2026/02/03 1:16 p.m.6 views

CVE-2025-67850

creationtimestamp| type| source ---|---|--- 2026-02-03 13:16:27+00:00| seen| Telegram/fpMcrY2RALMfsN1onUqQsHu7uTJCJuSmLnazyi9cvEQogc...

7.3CVSS4.8AI score0.00266EPSS
Exploits0
circl
circl
added 2026/01/20 8:5 a.m.5 views

CVE-2020-3644

creationtimestamp| type| source ---|---|--- 2026-01-20 08:05:01+00:00| seen| https://infosec.exchange/users/certvde/statuses/115926387351405846...

5.5CVSS5AI score0.00212EPSS
Exploits0References1
circl
circl
added 2026/01/07 9:51 a.m.5 views

CVE-2025-13493

creationtimestamp| type| source ---|---|--- 2026-01-07 09:51:32+00:00| seen| https://gist.github.com/Darkcrai86/a7cb2e3df0a8f8a1eed221eaa235d11a 2026-01-07 18:09:18+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbu2sgcer72e...

7.5CVSS5.7AI score0.00283EPSS
Exploits0References2
circl
circl
added 2025/08/12 4:1 p.m.5 views

CVE-2025-49712

creationtimestamp| type| source ---|---|--- 2025-08-12 16:01:32+00:00| seen| https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review 2025-08-13 10:48:37+00:00| seen| https://t.me/truesecator/7322...

8.8CVSS4.8AI score0.1831EPSS
Exploits0References2
circl
circl
added 2025/04/29 6:12 p.m.7 views

CVE-2025-4077

creationtimestamp| type| source ---|---|--- 2025-04-29 18:12:22+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13885 2025-04-29 19:50:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lny2ilcvx62p 2025-04-29 21:01:05+00:00| seen|...

7.8CVSS5.4AI score0.00288EPSS
Exploits1References3
osv
osv
added 2025/04/15 7:22 p.m.18 views

CVE-2025-32445 Users can gain privileged access to the host system and cluster with EventSource and Sensor CR

Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor...

9.9CVSS4.3AI score0.00724EPSS
Exploits0References4
snyk
snyk
added 2025/04/14 5:47 p.m.2 views

Privilege Chaining

Overview Affected versions of this package are vulnerable to Privilege Chaining through the spec.template.container configuration in the EventSource and Sensor custom resources. An attacker can gain privileged access to the host system and cluster by injecting commands into a container template...

9.9CVSS7.2AI score0.00724EPSS
Exploits0References2
snyk
snyk
added 2025/04/14 5:47 p.m.2 views

Privilege Chaining

Overview Affected versions of this package are vulnerable to Privilege Chaining through the spec.template.container configuration in the EventSource and Sensor custom resources. An attacker can gain privileged access to the host system and cluster by injecting commands into a container template...

9.9CVSS7.2AI score0.00724EPSS
Exploits0References2
circl
circl
added 2025/03/31 2:32 p.m.6 views

CVE-2025-31590

creationtimestamp| type| source ---|---|--- 2025-03-31 14:32:17+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/9665...

6.5CVSS8.7AI score0.00237EPSS
Exploits0References1
Rows per page
Query Builder