110839 matches found
Striso Control Firmware 安全漏洞
Striso Control Firmware is an open-source MPE MIDI controller firmware developed by Striso. Version 54c9722 of Striso Control Firmware contains a security vulnerability, which stems from a buffer overflow in the ThreadReadButtons function...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from a race condition in Live. This condition may allow authenticated users with the Viewer role to trigger a fatal mapping access error by sending concurrent...
Context-Aware Web Attack Detection in Open-Source SIEM Systems Via MITRE ATT&CK-Enriched Behavioral Profiling
Security Information and Event Management SIEM systems aggregate log data from heterogeneous sources to detect coordinated attacks. Traditional rule-based correlation engines struggle to classify multi-step web application attacks because they examine each event without reference to the behaviour...
PT-2026-40677
Name of the Vulnerable Software and Affected Versions NGINX Open Source versions prior to 1.30.0 Description When configured to proxy HTTP/2 traffic by setting proxy http version to 2 and utilizing proxy set body, an attacker may inject frame headers and payload bytes to the upstream peer...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from the editor’s ability to overwrite dashboards that it does not own. This could potentially lead to obtaining administrator privileges on specific dashboard...
F5 NGINX Open Source 安全漏洞
F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway provided by the F5 company. There is a security vulnerability in F5 NGINX Open Source, which stems from the use of proxysetbody when configuring HTTP/2 traffic. This vulnerability may lead ...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from vulnerabilities in SQL expressions. This vulnerability could allow authenticated attackers to read arbitrary files from the Grafana server’s file system...
Grafana Data Source Plugin: DoS (OOM) via Negative Interval Injection in $__timeGroup Macro
Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which arises from using the timeGroup macro, potentially leading to server overload and OOM issues...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from the Live push endpoint’s ability to cause unlimited memory allocation by sending large or streaming request bodies, potentially leading to insufficient...
F5 NGINX Plus和F5 NGINX Open Source 资源管理错误漏洞
F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...
Plasma Workspace 安全漏洞
Plasma Workspace is an open-source application developed by the KDE GitHub Mirror project. It serves to run various components required for a Plasma-based environment. Plasma Workspace has a security vulnerability that stems from multiple issues, which may allow an infected plasmalogin service...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from the fact that the editor can delete any comments, even without read-only privileges...
F5 NGINX Plus和F5 NGINX Open Source 安全漏洞
F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...
CVE-2026-44870
creationtimestamp| type| source ---|---|--- 2026-05-12 23:30:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlox25t4ew2p...
CVE-2026-6959
creationtimestamp| type| source ---|---|--- 2026-05-12 23:25:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlowr76vsy2n...
CVE-2026-44873
creationtimestamp| type| source ---|---|--- 2026-05-12 23:21:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlowjjjvu22v...
CVE-2026-44866
creationtimestamp| type| source ---|---|--- 2026-05-12 23:17:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlowcsfeb72i...
CVE-2026-44347
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on t...
CVE-2026-42158
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3...