16 matches found

NVD
added 2026/06/12 9:16 p.m. | 10 views

CVE-2026-54395

MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML escaping inside a single-quoted JavaScript string. Because browsers HTML-decode attribute values before JavaScript parsing, a...

CVSS 5.3 | EPSS 0.00256
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/26 12:0 a.m. | 9 views

PT-2026-43305

Name of the Vulnerable Software and Affected Versions: Bugsink versions prior to 2.2.0. Description: Bugsink is a self-hosted error tracking tool. A project-boundary authorization issue exists where issue event pages accept a direct event identifier from the URL and retrieve the event without...

CVSS 3.1 | AI score 5.4 | EPSS 0.00154
Exploits: 0 | References: 5
ATTACKERKB
added 2026/03/17 11:21 p.m. | 3 views

CVE-2026-26004

Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference (IDOR) vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue...

CVSS 7.1 | AI score 5.8 | EPSS 0.00241
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2026/03/17 11:21 p.m. | 33 views

CVE-2026-26004

CVE-2026-26004 (Sentry) : A cross-organization insecure direct object reference (IDOR) exists in Sentry’s GroupEventJsonView endpoint for versions prior to 26.1.0. This could allow unauthorized access to event data across organizational boundaries. The issue is mitigated by upgrading to version 2...

CVSS 7.1 | AI score 5.8 | EPSS 0.00241
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2026/03/17 11:21 p.m. | 34 views

CVE-2026-26004 Sentry allows unauthorized access to event data across organizational boundaries

Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference (IDOR) vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue...

CVSS 7.1 | EPSS 0.00241
Exploits: 1 | References: 3
Vulnrichment
added 2026/03/17 11:21 p.m. | 1 views

CVE-2026-26004 Sentry allows unauthorized access to event data across organizational boundaries

Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference (IDOR) vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue...

CVSS 7.1 | AI score 5.8 | EPSS 0.00241
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-3589

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00809
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 2:44 a.m. | 6 views

CVE-2018-11562

An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter...

CVSS 6.1 | AI score 6 | EPSS 0.00809
Exploits: 0 | References: 1
Veracode
added 2023/03/10 9:14 a.m. | 17 views

Cross-site Scripting (XSS)

vega is vulnerable to Cross-site Scripting (XSS) attacks. The library does not properly enforce types for its arguments in the lassoAppend function, which allows an attacker to specify any object with a push function. The push function then can be set to any function that has the access to event.vi...

CVSS 6.5 | AI score 5.8 | EPSS 0.00806
Exploits: 1 | References: 4 | Affected Software: 2
CNNVD
added 2021/08/02 12:0 a.m. | 14 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in The Calendar Event Multi...

CVSS 6.1 | AI score 5.9 | EPSS 0.03065
Exploits: 2 | References: 1
Prion
added 2018/05/30 8:29 p.m. | 19 views

Design/Logic Flaw

An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter...

CVSS 4.3 | AI score 5.9 | EPSS 0.00809
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2018/05/30 8:29 p.m. | 13 views

CVE-2018-11562

An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter...

CVSS 6.1 | AI score 6.1
Exploits: 0 | References: 1
NVD
added 2018/05/30 8:29 p.m. | 24 views

CVE-2018-11562

An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter...

CVSS 6.1 | AI score 6 | EPSS 0.00809
Exploits: 0 | References: 1
CVE
added 2018/05/30 8:0 p.m. | 43 views

CVE-2018-11562

CVE-2018-11562 affects MISP 2.4.91 via a vulnerability in the template file app/View/Elements/eventattribute.ctp that allows reflected XSS when a user clicks a malicious link in an event view and then uses the deleted attributes quick filter. Root cause: improper handling in that view leading to ...

CVSS 6.1 | AI score 5.9 | EPSS 0.00809
Exploits: 0 | References: 1 | Affected Software: 1
seebug.org
added 2007/07/01 12:0 a.m. | 27 views

Buddy Zone <= 1.5 Multiple SQL Injection Vulnerabilities

No description provided by source. Buddy Zone Version 1.5 And Prior SQL Injection Vulnerability. AUTHOR:...

AI score 7.1
Exploits: 0
exploitpack
added 2007/05/10 12:0 a.m. | 12 views

Thyme Calendar 1.3 - SQL Injection

Thyme Calendar 1.3 - SQL Injection. Thyme Calendar 1.3 SQL Vulnerability Exploit by Warlord, codehook.110mb.com. OVERVIEW AND DEFINITION: A vulnerability in exists i...

AI score 0.6
Exploits: 0