Lucene search
K

9 matches found

Github Security Blog
Github Security Blog
added 2026/06/05 9:44 p.m.14 views

Bugsink: Project scoping missing in sourcemap and debug-file lookup

Summary Bugsink before 2.2.0 resolved sourcemaps and debug files by debug ID without scoping that lookup to the project that owned the uploaded metadata. An authenticated user with access to one project could cause event processing in that project to use sourcemap/debug-file metadata uploaded for...

4.3CVSS5.1AI score0.00178EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 4:16 p.m.9 views

CVE-2026-47728 Bugsink: Project scoping missing in sourcemap and debug-file lookup

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink resolved sourcemaps and debug files by debug ID without scoping that lookup to the project that owned the uploaded metadata. An authenticated user with access to one project could cause event processing in that project to use...

4.3CVSS5.8AI score0.00178EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 4:16 p.m.23 views

CVE-2026-47728

Bugsink (self-hosted error tracking) prior to 2.2.0 stores and looks up sourcemaps and debug files by debug ID without scoping to the owning project. An authenticated user with access to one project could cause event processing in that project to use sourcemap/debug-file metadata uploaded for ano...

4.3CVSS5.8AI score0.00178EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 7:41 a.m.10 views

CVE-2019-10080

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE and reveal information such as the versions of Java, Jersey, and Apache that the NiFI...

6.5CVSS6.4AI score0.02258EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:26 a.m.4 views

SUSE CVE-2014-8121

DBLOOKUP in nssfiles/files-XXX.c in the Name Service Switch NSS in GNU C Library aka glibc or libc6 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service infinite loop by performing a look-up on a database while iterating over it,...

5CVSS6.7AI score0.05609EPSS
Exploits1References8
Veracode
Veracode
added 2022/04/27 7:0 p.m.60 views

Insecure File Lookup

Linux kernel is vulnerable to insecure file lookup . The vulnerability exists because it performs a regular lookup which allows an attacker to access potentially sensitive files, which results in Sensitive Information Disclosure...

3.3CVSS3.6AI score0.00397EPSS
Exploits0References12Affected Software4
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.3 views

PT-2021-14729 · Jenkins · Jenkins Subversion Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.15.0 and earlier Description: The issue allows attackers who can control agent processes to read arbitrary files on the Jenkins controller file system. This is because the plugin does not restrict the name...

7.5CVSS8.4AI score0.02073EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2019/12/26 12:0 a.m.4 views

The vulnerability of the XMLFileLookupService component in the Apache NiFi data processing platform allows a hacker to gain unauthorized access to protected information.

The vulnerability of the XMLFileLookupService component in the Apache NiFi data processing platform is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protecte...

6.8CVSS6.9AI score0.02258EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2018/07/09 12:0 a.m.5 views

Jirafeau Cross-Site Request Forgery Vulnerability

Jirafeau is a file sharing website system. A cross-site request forgery vulnerability exists in the administration panel in Jirafeau versions prior to 3.4.1. A remote attacker can exploit this vulnerability to force an administrator to perform a file lookup operation and perform a cross-site...

8.8CVSS8.5AI score0.00523EPSS
Exploits1References1
Rows per page
Query Builder