18 matches found
CVE-2026-24816
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in datavane tis tis-console/src/main/java/com/qlangtech/tis/runtime/module/action modules. This vulnerability is associated with program files ChangeDomainAction.Java. This issue affects tis: before v4.3.0...
CVE-2026-24815 An XStream Security Vulnerability in XML Deserialization in datavane/tis
Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis tis-plugin/src/main/java/com/qlangtech/tis/extension/impl modules. This vulnerability is associated with program files XmlFile.Java. This issue affects tis: before v4.3.0...
PT-2026-4890
Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis tis-plugin/src/main/java/com/qlangtech/tis/extension/impl modules. This vulnerability is associated with program files XmlFile.Java. This issue affects tis: before v4.3.0...
SUSE CVE-2017-18875
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files...
SUSE CVE-2017-18883
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data...
Linux Distros Unpatched Vulnerability : CVE-2019-19962
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. CVE-2019-19962 Note that Nessus relies on the...
PT-2024-13022 · Win Zapp · Win Zapp
Name of the Vulnerable Software and Affected Versions: Win ZApp versions prior to 4.3.0 Description: The issue is related to an arbitrary file deletion in ZSATrayManager, which is responsible for protecting the temporary encrypted ZApp issue reporting file from unprivileged end user access and...
Mattermost Server does not properly restrict use of slash commands
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands...
Unspecified vulnerability in parser-server
parser-server is an API server module for Node/Express. A security vulnerability exists in parser-server version 3.5.0 through versions prior to 4.3.0, which can be exploited by attackers to bypass security restrictions...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-41481)
Mattermost Server is an open source messaging platform from the United States company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.3.0, 4.2.1, and 4.1.2. An attacker can exploit this vulnerability to determine the existence of arbitrary files...
Mattermost Server Cross-Site Scripting Vulnerability (CNVD-2020-48232)
Mattermost Server is an open source messaging platform from the United States company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.3.0, 4.2.1 and 4.1.2. The vulnerability stems from the web application's lack of proper validation of client data. An attacke...
CVE-2020-1709
A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their...
CVE-2020-1705
A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this...
kamailio Privilege Acquisition Vulnerability
kamailio is an open source, GPL-based SIP (Session Initiation Protocol) server developed by the FhG FOKUS Institute in Germany. A security vulnerability exists in kamailio versions prior to 4.3.0. An attacker can exploit this vulnerability to gain privileges...
Default configuration
The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailioctl...
UBUNTU-CVE-2016-2086
Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...
security flaw
Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image...