25 matches found
Exploit for Authentication Bypass by Primary Weakness in Crushftp
CVE-2025-31161 is a critical severity vulnerability allowing att...
EUVD-2020-7706
Malware in sbrugna...
Mattermost Path Traversal vulnerability
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...
Mattermost Does Not Sanitize the Team Invite ID
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows a team admin with no member invite privileges to get the team's invite ID...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from an unsanitized Team Invitation ID, which could lead to the acquisition of a Team Invitation ID. The following versions are affected: 10.8.3 an...
CVE-2025-24915
When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location...
CVE-2025-24915
When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location...
Tenable Nessus Agent < 10.7.4 / 10.8.x < 10.8.3 Privilege Escalation (TNS-2025-02 & TNS-2025-03)
According to its self-reported version, the Tenable Nessus Agent running on the remote Windows host is prior to 10.7.4 or 10.8.x prior to 10.8.3. It is, therefore, affected by a privilege escalation vulnerability as outlined in the TNS-2025-02 & TNS-2025-03 advisories when installed on a...
Tenable Nessus Agent Security Vulnerability
Tenable Nessus Agent is a vulnerability scanning program from Tenable USA. A security vulnerability exists in Tenable Nessus Agent versions prior to 10.8.3, which stems from a failure to enforce security permissions on subdirectories when installed to a non-default location on a Windows host,...
[R2] Nessus Agent Version 10.8.3 Fixes One Vulnerability
Arnie Cabral, Thu, 03/20/2025 - 11:44. When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege...
Tenable Nessus Multiple Vulnerabilities (TNS-2024-15, TNS-2024-16)
Tenable Nessus is prone to multiple vulnerabilities.
Tenable Nessus < 10.8.3 Multiple Vulnerabilities (TNS-2024-15 & TNS-2024-16)
According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.8.3. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-15 and TNS-2024-16 advisories. - Nessus leverages third-party software to help provide...
CVE-2024-27295 Directus MySQL accent insensitive email matching
Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with one or more...
Directus Security Vulnerabilities
Directus is a real-time API and application dashboard. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 10.8.3, which stems from a vulnerability that allows an attacker to receive password reset emails from victimized users...
PT-2024-2179 · Unknown +2 · Mysql Server +2
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.8.3 Description: The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim wi...
Jellyfin Cross-Site Scripting Vulnerability
Jellyfin is a freeware media system. It allows you to control the management and streaming of media. It is an alternative to the proprietary Emby and Plex, and can serve media from a dedicated server to end-user devices through multiple applications. A security vulnerability exists in Jellyfin...
CVE-2019-6022
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function...
CVE-2019-6022
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function...
Cybozu Office "Customapp" Directory Traversal Vulnerability
Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. A path traversal vulnerability exists in Cybozu Office versions 10.0.0 through 10.8.3. The vulnerability stems from a failure of a networked system or product to properly filter special elements in the path of a...
Cybozu Office Access Control Error Vulnerability
Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. An access control error vulnerability exists in Cybozu Office versions 10.0.0 to 10.8.3, which can be exploited by an attacker to obtain unauthorized data via the application "Address"...