
322 matches found

CNNVD
added 2025/01/21 12:0 a.m. | 3 views

Magma Security Vulnerability

Magma is an open source software platform from Magma Open Source. It provides network operators with an open, flexible and scalable mobile core network solution. Magma has a buffer overflow vulnerability that can be exploited by an attacker to trigger a denial of service (DoS) via a carefully crafted...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00575
Exploits: 1 | References: 2

CNNVD
added 2025/01/21 12:0 a.m. | 3 views

Magma Code Issue Vulnerability

Magma is an open source software platform from Magma Open Source. It provides network operators with an open, flexible and scalable mobile core network solution. Magma has a null pointer dereference vulnerability that can be exploited by an attacker to crash MME...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00373
Exploits: 1 | References: 2

CNVD
added 2025/01/20 12:0 a.m. | 2 views

Mattermost Denial of Service Vulnerability (CNVD-2025-12635)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A denial of service vulnerability exists in Mattermost. The vulnerability stems from a failure to properly handle attachments that contain string fields. An attacker could exploit the vulnerability to...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00442
Exploits: 0 | References: 1

CNNVD
added 2025/01/15 12:0 a.m. | 4 views

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial-of-service vulnerability that can be exploited by attackers to cause a system crash...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00413
Exploits: 0 | References: 2

CNNVD
added 2025/01/07 12:0 a.m. | 3 views

Progress Sitefinity Security Vulnerability

Progress Sitefinity is an open source platform for building corporate websites and intranets from Progress, Inc. in the United States. A security vulnerability exists in Progress Sitefinity that stems from improper input neutralization during web page generation, resulting in a cross-site scripti...

CVSS: 8.4 | AI score: 5.9 | EPSS: 0.00344
Exploits: 0 | References: 2

CNNVD
added 2025/01/07 12:0 a.m. | 3 views

Progress Sitefinity Security Vulnerability

Progress Sitefinity is an open source platform for building corporate websites and intranets from Progress, Inc. in the United States. A security vulnerability exists in Progress Sitefinity, which stems from an error message vulnerability that could lead to information disclosure...

CVSS: 8.4 | AI score: 6.2 | EPSS: 0.00344
Exploits: 0 | References: 2

CVE
added 2024/12/19 7:15 p.m. | 66 views

CVE-2024-49765

CVE-2024-49765 affects Discourse where sites enabling Discourse Connect alongside local login methods could allow an attacker to bypass Discourse Connect to create accounts and log in. The issue is described as a bypass of login paths rather than a remote exploit; affected component is the Discou...

CVSS: 9.1 | AI score: 5.3 | EPSS: 0.00351
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/12/19 7:12 p.m. | 17 views

CVE-2024-52794 Magnific lightbox susceptible to Cross-site Scripting in Discourse

Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability...

CVSS: 6.8 | EPSS: 0.00274
Exploits: 0 | References: 1

Cvelist
added 2024/12/18 7:21 p.m. | 15 views

CVE-2024-52590 Missing validation allows spoofed profiles in Misskey

Misskey is an open source, federated social media platform. In affected versions missing validation in ApRequestService.signedGet allows an attacker to create fake user profiles that appear to be from a different instance than the one where they actually exist. These profiles can be used to...

CVSS: 8.8 | EPSS: 0.00334
Exploits: 0 | References: 1

Vulnrichment
added 2024/12/13 3:59 p.m. | 12 views

CVE-2024-54139 Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter

Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0, iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the _table_id parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the...

CVSS: 7.9 | AI score: 6.4 | EPSS: 0.00206
Exploits: 0 | References: 1

The Hacker News
added 2024/11/28 9:29 a.m. | 12 views

Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware

A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. "Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands...

AI score: 7.2
Exploits: 0

CNNVD
added 2024/11/25 12:0 a.m. | 4 views

eNMS Path Traversal Vulnerability

eNMS is an open source network automation platform from eNMS. A path traversal vulnerability exists in eNMS version 4.2 and earlier. An attacker could exploit this vulnerability to access sensitive files or directories on the system...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.01938
Exploits: 1 | References: 8

CNNVD
added 2024/10/01 12:0 a.m. | 4 views

eLabFTW Security Vulnerability

eLabFTW is an open source experimental data hosting platform from eLabFTW Open Source. The platform runs on Linux and supports storing a wide range of objects. A security vulnerability exists in eLabFTW that stems from allowing initially unauthenticated users to gain administrative access to...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00385
Exploits: 0 | References: 2

CNNVD
added 2024/09/30 12:0 a.m. | 2 views

Scout Security Vulnerability

Scout is an open source platform from Clinical Genomics for analyzing VCFs and being able to aid collaborations to solve rare diseases faster. A security vulnerability exists in Scout versions prior to 4.89 that stems from a lack of filename cleanup and can bypass expected file extensions and all...

CVSS: 4.6 | AI score: 6.5 | EPSS: 0.00303
Exploits: 1 | References: 3

CNNVD
added 2024/09/18 12:0 a.m. | 3 views

Mautic Security Vulnerability

Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. Mautic suffers from a security vulnerability that stems from being susceptible to SQL injection attacks, which allow an attacker...

CVSS: 7.2 | AI score: 7.3 | EPSS: 0.00593
Exploits: 0 | References: 2

Packet Storm
added 2024/08/31 12:0 a.m. | 220 views

Android Open Source Platform (AOSP) Browser UXSS

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Open Source Platform AOSP Browser UXSS', 'Description' = %q This module exploits a Universal Cross-Site Scripting UXSS vulnerability...

CVSS: 5.8 | AI score: 7.4 | EPSS: 0.19862
Exploits: 7

Packet Storm
added 2024/08/31 12:0 a.m. | 159 views

Android Open Source Platform (AOSP) Browser UXSS

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Open Source Platform AOSP Browser UXSS', 'Description' = %q This module exploits a Universal Cross-Site Scripting UXSS vulnerability...

AI score: 7.4
Exploits: 0

CNNVD
added 2024/08/16 12:0 a.m. | 3 views

Silverpeas Security Vulnerability

Silverpeas is a suite of open source business collaboration platforms from Silverpeas Open Source. The platform includes applications for project management, blogs, forums, and document management. A security vulnerability exists in Silverpeas v.6.4.2 and earlier versions, which stems from a...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.01261
Exploits: 1 | References: 3

NVD
added 2024/07/30 3:15 p.m. | 28 views

CVE-2024-37299

Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...

CVSS: 7.5 | EPSS: 0.00598
Exploits: 0 | References: 3

CNNVD
added 2024/07/30 12:0 a.m. | 3 views

Discourse Security Vulnerability

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email and chat rooms. Discourse has a security vulnerability that stems from not properly cleaning Onebox data...

CVSS: 6.3 | AI score: 6.6 | EPSS: 0.00379
Exploits: 0 | References: 4