Lucene search
K

3102 matches found

NVD
NVD
added 2026/06/09 11:17 p.m.13 views

CVE-2026-9748

The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...

7.1CVSS0.00323EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:17 p.m.6 views

UBUNTU-CVE-2026-9748

The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...

7.1CVSS5.3AI score0.00323EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:8 p.m.8 views

CVE-2026-9748 $_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input

The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...

7.1CVSS5.4AI score0.00323EPSS
Exploits0References1
MongoDB
MongoDB
added 2026/06/09 10:8 p.m.10 views

$_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input

The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...

7.1CVSS5.4AI score0.00323EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, Inc. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from the use of PauseExecution...

7.1CVSS5.3AI score0.00323EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 5:16 p.m.12 views

CVE-2026-46739

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The updatestats used for updating counters and gauge methods do not check that values...

5.3CVSS0.00258EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 3:45 p.m.12 views

EUVD-2026-34295

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The updatestats used for updating counters and gauge methods do not check that values...

8.2CVSS5.8AI score0.00344EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/06/02 5:58 a.m.10 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. CVE-2025-68310: s390/pci: Use pciueventers in PCI recovery bsc1255160. CVE-2025-71183: btrfs: always detect...

8.8CVSS6.8AI score0.00514EPSS
Exploits0References898
Github Security Blog
Github Security Blog
added 2026/06/01 2:17 p.m.17 views

praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/projects/projectid and GET .../projectid/stats gate access on requireworkspacememberworkspaceid only, then resolve projectid through ProjectService.getprojectid / updateprojecti...

5.8AI score0.00032EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/30 9:9 a.m.14 views

CLSA-2026-1780132171 Fix of 25 CVEs

CVE-2025-68724 - crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid CVE-2025-68724 CVE-2025-71196 - phy: stm32-usphyc: Fix off by one in probe CVE-2025-71196 CVE-2026-23033 - dmaengine: omap-dma: fix dmapool resource leak in error paths CVE-2026-23033 CVE-2026-23049 -...

9.8CVSS5.9AI score0.00501EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.13 views

CVE-2026-45297

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/29 1:16 p.m.15 views

WordPress StatCounter – Free Real Time Visitor Stats plugin <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin StatCounter versions = 2.1.1...

6.4CVSS5.8AI score0.00305EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/28 6:16 p.m.28 views

CVE-2026-45297

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...

5.3CVSS0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 4:50 p.m.12 views

CVE-2026-45297 Cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:50 p.m.9 views

CVE-2026-45297

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/28 4:50 p.m.16 views

EUVD-2026-32970

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 4:50 p.m.28 views

CVE-2026-45297 Cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...

5.3CVSS0.00207EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 4:50 p.m.31 views

CVE-2026-45297

OpenReplay (self-hosted) before 1.26.0 is affected by a cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch. The root cause involves ProjectAuthorizer.call only performing authorization checks when projectIdentifier == "projectId" (camelCase), and, for EE mult...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

OpenReplay 安全漏洞

OpenReplay is an open-source, developer-friendly, and self-hosted session replay software. Versions of OpenReplay prior to 1.26.0 contained security vulnerabilities. These vulnerabilities stemmed from cross-tenant IDOR vulnerabilities in the feature-flag and assist-stats routing mechanisms. Due t...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 2:16 p.m.11 views

CVE-2026-45857

In the Linux kernel, the following vulnerability has been resolved: scsi: csiostor: Fix dereference of null pointer rn The error exit path when rn is NULL ends up deferencing the null pointer rn via the use of the macro CSIOINCSTATS. Fix this by adding a new error return path label after the use ...

5.5CVSS0.00156EPSS
Exploits0References8
Rows per page
Query Builder