16 matches found
CVE-2026-5308
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests. Mattermost Advisory ID: MMSA-2026-00646...
Grafana 11.4.x < 11.4.3 Improper Authorization
According to its self-reported version, the Grafana install hosted on the remote host is prior to 10.4.17, or 11.2.x prior to 11.2.8, or 11.3.x prior to 11.3.5, or 11.4.x prior to 11.4.3, or 11.5.x prior to 11.5.3. It is, therefore, affected by an improper authorization. - Grafana's datasource...
Grafana 11.5.x < 11.5.3 Improper Authorization
According to its self-reported version, the Grafana install hosted on the remote host is prior to 10.4.17, or 11.2.x prior to 11.2.8, or 11.3.x prior to 11.3.5, or 11.4.x prior to 11.4.3, or 11.5.x prior to 11.5.3. It is, therefore, affected by an improper authorization. - Grafana's datasource...
Grafana 11.1.x < 11.5.3+security-01 Cross-site Scripting
According to its self-reported version, the Grafana install hosted on the remote host is 11.1.x earlier than 11.2.8+security-01, or 11.1.x earlier than 11.3.5+security-01, or 11.1.x earlier than 11.4.3+security-01, or 11.1.x earlier than 11.5.3+security-01, or 11.1.x earlier than...
CVE-2023-49203
Technitium 11.5.3 allows remote attackers to cause a denial of service bandwidth amplification because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic...
CVE-2023-49203
Technitium 11.5.3 allows remote attackers to cause a denial of service bandwidth amplification because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic...
Technitium DNS Server Security Vulnerability
Technitium DNS Server is an open source authoritative and recursive DNS server from the Technitium team. It can be used to self-host DNS servers for privacy and security. A security vulnerability exists in Technitium DNS Server version 11.5.3, which stems from a DNSBomb operation that can lead to...
CVE-2023-49203
Summary (CVE-2023-49203) Technitium DNS Server 11.5.3 is affected by a denial of service via a DNSBomb manipulation that causes accumulation of low-rate DNS queries, producing a large burst of responses and overwhelming bandwidth. This is described across multiple sources (NVD, Red Hat security, ...
GitLab Directory Traversal Vulnerability (CVE-2018-19856)
GitLab is prone to a directory traversal vulnerability in the Templates API.
CVE-2020-7303
Cross-site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label...
CVE-2020-7304
Cross-site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CSRF script via adding a new label...
CVE-2020-7305
Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials...
Description of the Microsoft Office 2004 for Mac 11.5.3 Update
Describes the Microsoft Office 2004 for Mac 11.5.3 Update and the changes that the update makes to Office 2004 for Mac and its programs. INTRODUCTION: Microsoft has released security bulletins MS08-072 and MS08-074. These security bulletins contain all the relevant information about the security...
VMware Fusion USB Arbitrator Setuid Privilege Escalation Exploit
This Metasploit module exploits an improper use of setuid binaries within VMware Fusion versions 10.1.3 through 11.5.3. The Open VMware USB Arbitrator Service can be launched outside of its standard path which allows loading of an attacker controlled binary. By creating a payload in the user home...
VMware Fusion USB Arbitrator Setuid Privilege Escalation
This exploits an improper use of setuid binaries within VMware Fusion 10.1.3 - 11.5.3. The Open VMware USB Arbitrator Service can be launched outside of its standard path which allows loading of an attacker controlled binary. By creating a payload in the user home directory in a specific folder, a...
CVE-2018-19856
CVE-2018-19856 affects GitLab CE/EE with directory traversal in the Templates API. Affected versions: GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3. Root cause is a directory traversal vulnerability in the Templates API that could expose sensitive data. CVSS metrics...