30 matches found
CVE-2026-45776
Open XDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD...
PT-2026-25685
Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...
Path Traversal node-tar Dependency in Jira Software Data Center
This High severity Path Traversal vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.8 and a CVS...
CVE-2026-2844
Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation. This issue affects TimePictra: from 11.0 through 11.3 SP2...
Microchip TimePictra Security Vulnerability
Microchip TimePictra is a synchronization network management software developed by the American company Microchip. Versions of Microchip TimePictra 11.3 SP2 and earlier contained security vulnerabilities. These vulnerabilities were due to improper input during web page generation, which could lea...
CVE-2026-2141
A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization...
CVE-2021-39876
In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups...
CVE-2024-51950
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51947
ArcGIS Server (Esri) vulnerable: stored XSS in ArcGIS Server versions 11.3 and below via a crafted link, exploitable by a remote, authenticated attacker with publisher privileges. Impact is low on confidentiality and integrity; no impact to availability. Root cause: stored cross-site scripting in...
CVE-2023-47712
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527...
UBUNTU-CVE-2024-0199
An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions...
CVE-2023-40545
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests...
Ping Identity PingFederate Access Control Error Vulnerability
Ping Identity PingFederate is a flagship software-based federation server in the United States, used for identity management. A security vulnerability exists in Ping Identity PingFederate version 11.3, which stems from the fact that authentication can be bypassed...
IBM Security Guardium Security Vulnerability
IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. An authentication error vulnerability exists in IBM Securit...
CVE-2022-41441
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters...
PT-2022-25338 · Canto · Canto Cumulus
Name of the Vulnerable Software and Affected Versions: Canto Cumulus versions through 11.1.3 Description: A Server-Side Request Forgery issue allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the...
GitLab Security Vulnerability
GitLab is an open source end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), etc. GitLab CE/EE versions 11.3 and later are vulnerable to an information disclosure vulnerability...
IBM Security Guardium Information Disclosure Vulnerability
IBM Security Guardium is a comprehensive data protection solution that provides full data security capabilities from compliance support to dynamic data masking. An information disclosure vulnerability exists in IBM Security Guardium version 11.3. An attacker could exploit the vulnerability to...
DEBIAN-CVE-2018-4209
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks...
CVE-2018-3272
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones Virtualized NIC Driver). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes t...