97 matches found
EUVD-2014-1393
Malware in sbrugna...
EUVD-2016-5834
Malware in sbrugna...
EUVD-2014-1341
Malware in sbrugna...
Mattermost Fails to Sanitize Path Traversal Sequences
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fail to sanitize path traversal sequences in template file destination paths, which allows a system admin to perform path traversal attacks via malicious path components, potentially enabling malicious file...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.8.3 and prior to 10.8.x, 10.5.8 and prior to 10.5.x, 9.11.17 and prior to 9.11.x, 10.10.0 and prior to 10.10.x, and 10.9.3 and prior to 10.9.x,...
Linux Distros Unpatched Vulnerability : CVE-2022-27447
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binarystring::freebuffer at /sql/sqlstring.h. CVE-2022-27447 Note th...
UBUNTU-CVE-2025-54881
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...
AXIS OS Security Vulnerability
AXIS OS is an edge device operating system from Axis Sweden. A security vulnerability exists in AXIS OS versions 10.9 through 12.0 that stems from insufficient input validation and could lead to command injection...
PT-2024-32528 · Unknown · Salon Booking System
Name of the Vulnerable Software and Affected Versions: Salon Booking System versions through 10.9 Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This vulnerability affects the Salon Booking System, allowing for potential unauthorized access...
CVE-2024-4327
A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CVE-2024-4327 Apryse WebViewer PDF Document cross site scripting
A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CVE-2023-28049
Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete...
CVE-2023-25836
There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required...
CVE-2023-25837 BUG-000133088 - ArcGIS Enterprise site builder is subject to stored XSS.
There is a Cross‑Site Scripting XSS vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser...
CVE-2023-25836 BUG-000135364 XSS in 10.8.1 sites builder iframe source
There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required...
CVE-2023-25836
CVE-2023-25836 describes a cross-site scripting vulnerability in Esri Portal for ArcGIS Sites (versions 10.9 and below). A remote, authenticated attacker can craft a link that, when clicked, executes arbitrary JavaScript in the victim’s browser. Privileges required are low, and user interaction i...
Esri Portal For ArcGIS Cross-Site Scripting Vulnerability
Esri Portal For ArcGIS is a component from Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS versions 10.8.1 through 10.9, which stems from the presen...