CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

140 matches found

OSV•added 2026/06/05 9:43 p.m.•4 views

GHSA-VX2F-6M6H-9FRF Bugsink: Issue event views can show an event from another project if its UUID is known

Description Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a logged-in user with access to one project can view anoth...

3.1CVSS5.3AI score0.00154EPSS

Exploits0References4

EUVD•added 2026/06/05 9:43 p.m.•10 views

EUVD-2026-31861

Bugsink: Issue event views can show an event from another project if its UUID is known...

3.1CVSS5.4AI score0.00154EPSS

Exploits0References3

RedhatCVE•added 2026/05/28 2:15 p.m.•11 views

CVE-2026-47715

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a...

3.1CVSS5.8AI score0.00154EPSS

Exploits0References1

NVD•added 2026/05/26 5:16 p.m.•21 views

CVE-2026-47715

3.1CVSS0.00154EPSS

Exploits0References2

ATTACKERKB•added 2026/05/26 4:22 p.m.•9 views

CVE-2026-47715

3.1CVSS5.8AI score0.00154EPSS

Exploits0References3Affected Software1

OSV•added 2026/04/13 6:28 p.m.•2 views

SUSE-SU-2026:21123-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-38542: RDMA/manaib: boundary check before installing cq callbacks bsc1226591. - CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in...

8.8CVSS6.2AI score0.00812EPSS

Exploits3References144

RedhatCVE•added 2026/02/26 4:15 a.m.•4 views

CVE-2026-27614

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...

9.3CVSS5.7AI score0.00286EPSS

Exploits1References1

EUVD•added 2026/02/25 4:6 p.m.•3 views

EUVD-2026-8597

Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering...

9.3CVSS5.2AI score0.00286EPSS

Exploits1References4

OSV•added 2026/02/25 4:6 p.m.•2 views

GHSA-VP6Q-7M36-PQ3W Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering

Summary An unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. Details When Pygments returns more lines than it was given a known upstream quirk...

9.3CVSS5.9AI score0.00286EPSS

Exploits1References5

Github Security Blog•added 2026/02/25 4:6 p.m.•3 views

Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering

9.3CVSS5.8AI score0.00286EPSS

Exploits1References5Affected Software1

Snyk•added 2026/02/25 6:17 a.m.•3 views

Cross-site Scripting (XSS)

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Cross-site Scripting XSS in the pygmentizelines function. An attacker who can can submit events to a Bugsink project and convince a user to interact in the web UI with a stacktrace containing a...

9.3CVSS5.7AI score0.00286EPSS

Exploits1References2

NVD•added 2026/02/25 3:16 a.m.•12 views

CVE-2026-27614

9.3CVSS0.00286EPSS

Exploits1References3

ATTACKERKB•added 2026/02/25 2:31 a.m.•4 views

CVE-2026-27614

9.3CVSS5.7AI score0.00286EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2026/02/25 2:31 a.m.•3 views

CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering

9.3CVSS5.7AI score0.00286EPSS

Exploits1References3

CVE•added 2026/02/25 2:31 a.m.•14 views

CVE-2026-27614

Bugsink (self-hosted error tracking) is affected by a Stored XSS in versions before 2.0.13. The root cause is how Pygments fallback in stacktrace rendering handles line mismatches: _pygmentize_lines() returns raw lines when line counts differ, and then mark_safe() is applied unconditionally to th...

9.3CVSS5.7AI score0.00286EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/02/25 2:31 a.m.•21 views

CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering

9.3CVSS0.00286EPSS

Exploits1References3

OSV•added 2026/02/25 2:31 a.m.•4 views

CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering

9.3CVSS5.9AI score0.00286EPSS

Exploits1References5

Positive Technologies•added 2026/02/25 12:0 a.m.•7 views

PT-2026-21841

Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.0.13 Description Bugsink is a self-hosted error tracking tool affected by a stored cross-site scripting XSS issue. An unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScrip...

9.3CVSS6AI score0.00286EPSS

Exploits1References13

SUSE CVE•added 2026/02/05 12:24 a.m.•3 views

SUSE CVE-2026-23088

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix crash on synthetic stacktrace field usage When creating a synthetic event based on an existing synthetic event that had a stacktrace field and the new synthetic event used that field a kernel crash occurred: cd...

5.5CVSS5.2AI score0.00122EPSS

Exploits0References15

NVD•added 2026/02/04 5:16 p.m.•7 views

CVE-2026-23088

5.5CVSS0.00122EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by