Recent vulnerabilities
Recent vulnerabilities from
Select from 70 available sources using the dropdown above.
| ID | Description | Published | Updated |
|---|---|---|---|
| bit-prometheus-2026-44903 | Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI | 2026-05-28T11:26:41.321Z | 2026-05-28T11:48:30.090Z |
| bit-gitlab-2026-8716 | Use of Incorrectly-Resolved Name or Reference in GitLab | 2026-05-28T09:12:33.250Z | 2026-05-28T09:14:08.616Z |
| bit-gitlab-2026-6713 | Incorrect Authorization in GitLab | 2026-05-28T09:12:21.055Z | 2026-05-28T09:14:08.616Z |
| bit-gitlab-2026-5296 | Missing Authorization in GitLab | 2026-05-28T09:12:08.866Z | 2026-05-28T09:14:08.616Z |
| bit-gitlab-2026-4868 | Authorization Bypass Through User-Controlled Key in GitLab | 2026-05-28T09:12:00.120Z | 2026-05-28T09:14:08.616Z |
| bit-gitlab-2026-2601 | Missing Authorization in GitLab | 2026-05-28T09:11:24.534Z | 2026-05-28T09:14:08.616Z |
| bit-gitlab-2026-1402 | Allocation of Resources Without Limits or Throttling in GitLab | 2026-05-28T09:10:55.604Z | 2026-05-28T09:14:08.616Z |
| bit-moodle-2022-50943 | Moodle LMS 4.0 Cross-Site Scripting via course search.php | 2026-05-28T08:53:04.751Z | 2026-05-28T09:14:08.616Z |
| bit-mlflow-2026-2614 | Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow | 2026-05-28T08:50:49.461Z | 2026-05-28T09:14:08.616Z |
| bit-mlflow-2026-2393 | Server-Side Request Forgery (SSRF) in mlflow/mlflow | 2026-05-28T08:50:47.716Z | 2026-05-28T09:14:08.616Z |
| bit-joomla-2026-40383 | Joomla! Core - [20260509] - LFI in HTMLView layout parameter | 2026-05-28T08:46:02.813Z | 2026-05-28T09:14:08.616Z |
| bit-joomla-2026-35222 | Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags | 2026-05-28T08:46:01.336Z | 2026-05-28T09:14:08.616Z |
| bit-joomla-2026-35221 | Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder | 2026-05-28T08:45:59.925Z | 2026-05-28T09:14:08.616Z |
| bit-joomla-2026-35220 | Joomla! Core - [20260505] - CSRF in user activation endpoint | 2026-05-28T08:45:58.422Z | 2026-05-28T09:14:08.616Z |
| bit-joomla-2026-30895 | Joomla! Core - [20260504] - XSS in readmore links | 2026-05-28T08:45:56.909Z | 2026-05-28T09:14:08.616Z |
| bit-joomla-2026-30894 | Joomla! Core - [20260503] - XSS in com_contenthistory | 2026-05-28T08:45:55.396Z | 2026-05-28T09:14:08.616Z |
| bit-joomla-2026-25901 | Joomla! Core - [20260502] - XSS in com_associations | 2026-05-28T08:45:54.008Z | 2026-05-28T09:14:08.616Z |
| bit-joomla-2026-25900 | Joomla! Core - [20260501] - XSS in feed modules | 2026-05-28T08:45:52.481Z | 2026-05-28T09:14:08.616Z |
| bit-jupyterhub-2026-40864 | JupyterHub: Cross-origin form POSTs bypass XSRF | 2026-05-28T08:43:54.207Z | 2026-05-28T09:14:08.616Z |
| bit-ruby-2026-46727 | 2026-05-27T08:57:36.720Z | 2026-05-27T09:16:35.330Z | |
| bit-joomla-2026-48905 | Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code. | 2026-05-27T08:47:48.386Z | 2026-05-27T09:16:35.330Z |
| bit-joomla-2026-48904 | Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints | 2026-05-27T08:47:46.901Z | 2026-05-27T09:16:35.330Z |
| bit-joomla-2026-48903 | Joomla! Framework - [20260519] - Inadequate content filtering within the checkAttribute filter code. | 2026-05-27T08:47:45.357Z | 2026-05-27T09:16:35.330Z |
| bit-joomla-2026-48900 | Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler | 2026-05-27T08:47:43.780Z | 2026-05-27T09:16:35.330Z |
| bit-joomla-2026-48899 | Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins | 2026-05-27T08:47:42.225Z | 2026-05-27T09:16:35.330Z |
| bit-joomla-2026-48898 | Joomla! Core - [20260513] - Privilege escalation through com_users batch task | 2026-05-27T08:47:40.861Z | 2026-05-27T09:16:35.330Z |
| bit-discourse-2026-34154 | Discourse has a subscription access bypass in its discourse-subscriptions plugin | 2026-05-25T14:46:55.451Z | 2026-05-25T15:17:13.809Z |
| bit-discourse-2026-33514 | Discourse: Information Disclosure in Form Template API Due to Missing Authorization | 2026-05-25T14:46:52.791Z | 2026-05-25T15:17:13.809Z |
| bit-authentik-2026-40165 | authentik: SAML NameID XML Comment Injection Enables Authentication Bypass via Identifier Truncation | 2026-05-25T14:36:29.153Z | 2026-05-25T15:17:13.809Z |
| bit-memcached-2026-47784 | 2026-05-22T08:47:49.029Z | 2026-05-22T09:16:34.647Z |