CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

171 matches found

OSSF Malicious Packages•added last week•6 views

Malicious code in sf-storybook (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5a1a34bbf1dc84732509c5c5bfbd65adcd442b2665367d0c1bd39dc8301001c On require'sf-storybook', index.js shells out via childprocess to run cat /etc/passwd ./passwd.txt and then POSTs the file contents via curl to...

5.9AI score

Exploits0References1

OSV•added last week•3 views

MAL-2026-6261 Malicious code in sf-storybook (npm)

5.9AI score

Exploits0References1

IBM Security Bulletins•added 2026/06/12 7:30 a.m.•5 views

Security Bulletin: IBM Event Processing is affected by Multiple vulnerabilities

Summary IBM Event Processing is affected by Multiple vulnerabilities and were addressed in IBM Event Processing version 1.5.3 Vulnerability Details CVEID:CVE-2026-27148 DESCRIPTION: Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions...

9.6CVSS6.1AI score0.01282EPSS

Exploits2Affected Software1

EUVD•added 2026/06/09 9:59 p.m.•8 views

EUVD-2026-31111

PhoenixStorybook has cross-session PubSub topic injection via URL parameter...

2.3CVSS5.4AI score0.00449EPSS

Exploits0References5

OSV•added 2026/06/09 9:59 p.m.•7 views

GHSA-MRHX-6PW9-Q5FH PhoenixStorybook has cross-session PubSub topic injection via URL parameter

Summary The storybook iframe LiveView accepts a PubSub topic from the URL query string and broadcasts its own pid onto that topic with no check that the topic belongs to the current session. Any unauthenticated visitor who knows or guesses another user's playground topic can hijack the...

2.3CVSS5.5AI score0.00449EPSS

Exploits0References6

EUVD•added 2026/06/09 9:59 p.m.•7 views

EUVD-2026-31114

PhoenixStorybook: Unbounded atom creation from LiveView event params atom-table DoS...

8.2CVSS5.4AI score0.00537EPSS

Exploits0References5

Github Security Blog•added 2026/06/09 9:59 p.m.•9 views

PhoenixStorybook: Unbounded atom creation from LiveView event params (atom-table DoS)

Summary An attacker who can deliver psb-assign, psb-toggle, psb-set-theme, upper-tab-navigation, lower-tab-navigation, playground-change, or playground-toggle LiveView events to a mounted Phoenix Storybook playground can flood the BEAM atom table with attacker-controlled strings, permanently...

8.2CVSS5.5AI score0.00537EPSS

Exploits0References6Affected Software1

EUVD•added 2026/06/09 9:58 p.m.•9 views

EUVD-2026-31112

PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenixstorybook playground...

9.5CVSS6.3AI score0.00907EPSS

Exploits0References5

Github Security Blog•added 2026/06/09 9:58 p.m.•17 views

PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground

Summary An unsafe HEEx template generation vulnerability allows any unauthenticated user to execute arbitrary code on the server. The phoenixstorybook playground accepts user-controlled attribute values over WebSocket and interpolates them unsanitized into a HEEx template that is subsequently...

9.5CVSS6.8AI score0.00907EPSS

Exploits0References6Affected Software1

OSV•added 2026/06/09 9:58 p.m.•6 views

GHSA-55HG-8QXV-QJ4P PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground

9.5CVSS6.8AI score0.00907EPSS

Exploits0References6

RedhatCVE•added 2026/06/05 7:19 p.m.•10 views

CVE-2026-5262

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input...

8CVSS5.5AI score0.00223EPSS

Exploits0References1

RedhatCVE•added 2026/05/21 7:57 p.m.•6 views

CVE-2026-8469

Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenixstorybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.toatom/1 without...

8.2CVSS5.8AI score0.00537EPSS

Exploits0References1

RedhatCVE•added 2026/05/21 7:57 p.m.•9 views

CVE-2026-47068

Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenixstorybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handleparams/3 in lib/phoenixstorybook/live/story/componentiframelive.ex read...

2.3CVSS5.8AI score0.00449EPSS

Exploits0References1

RedhatCVE•added 2026/05/21 7:57 p.m.•11 views

CVE-2026-8467

Code Injection vulnerability in phenixdigital phoenixstorybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign WebSocket event handler in 'Elixir.PhoenixStorybook.Story.PlaygroundPreviewLive':handleevent/3...

9.5CVSS6.6AI score0.00907EPSS

Exploits0References1