5 matches found
CVE-2026-0999 Authentication bypass via userID login when email and username login are disabled
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...
CVE-2024-51947
ArcGIS Server (Esri) vulnerable: stored XSS in ArcGIS Server versions 11.3 and below via a crafted link, exploitable by a remote, authenticated attacker with publisher privileges. Impact is low on confidentiality and integrity; no impact to availability. Root cause: stored cross-site scripting in...
Esri ArcGIS Server 跨站脚本漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Faveo Helpdesk SQL注入漏洞
Faveo Helpdesk is an open source ticketing system built by Faveo based on Laravel framework. A security vulnerability exists in Faveo Helpdesk versions 1.0 through 1.11.1, which stems from a controlled parameter passed from the front-end of the login box to the back-end, resulting in an SQL...
Google Android Framework Information Disclosure Vulnerability (CNVD-2021-29058)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An information disclosure vulnerability exists in the Framework component of Google Android 8.1, 9, 10, and 11. No details of the vulnerability are provided at this...