Lucene search
K

83 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-16368

Malware in sbrugna...

9CVSS7AI score0.03895EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-1999-1566

Malware in sbrugna...

7.2CVSS6.4AI score0.00357EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-37335

Malicious code in bioql PyPI...

9.3CVSS8.2AI score0.00192EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-18199

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.00639EPSS
Exploits0References1
CVE
CVE
added 2025/09/09 9:12 p.m.16 views

CVE-2025-9997

CVE-2025-9997 relates to an OS command injection in BLMon Console (Schneider Electric) triggered during SSH sessions when running netstat. The root cause is improper neutralization of special elements in OS commands (CWE-78), potentially allowing execution of arbitrary shell commands on the affec...

5.8CVSS7.1AI score0.00503EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.7 views

PT-2025-36979

Name of the Vulnerable Software and Affected Versions: BLMon affected versions not specified Description: An OS Command Injection issue exists in BLMon that could allow command injection when executed in the operating system console during an SSH session. The issue is related to the improper...

5.8CVSS7AI score0.00503EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/05/27 1:14 a.m.2 views

SUSE CVE-2025-2570

Mattermost versions 10.5.x = 10.5.3, 9.11.x = 9.11.11 fail to check RestrictSystemAdmin setting if user doesn't have access to ExperimentalSettings which allows a System Manager to access ExperimentSettings when RestrictSystemAdmin is true via System Console...

2.7CVSS6.9AI score0.00278EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 6:40 a.m.9 views

CVE-2016-11078

An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information credential fields within config.json via the System Console UI...

6.5CVSS6.3AI score0.00933EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/15 6:31 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the ExperimentalSettings function. An attacker can exploit this issue by accessing unauthorized settings through the System Console. Note: This is only exploitable if the RestrictSystemAdmin setting is true,...

5.1CVSS6.9AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 2025/05/15 4:15 p.m.8 views

CVE-2025-2570

Mattermost versions 10.5.x = 10.5.3, 9.11.x = 9.11.11 fail to check RestrictSystemAdmin setting if user doesn't have access to ExperimentalSettings which allows a System Manager to access ExperimentSettings when RestrictSystemAdmin is true via System Console...

2.7CVSS0.00278EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/04/24 12:0 a.m.19 views

Mattermost Server 9.11.x < 9.11.10 / 10.4.x < 10.4.4 / 10.5.x < 10.5.2 / 10.6.0 (MMSA-2025-00436)

The version of Mattermost Server installed on the remote host is prior to 9.11.10, 10.4.4, or 10.5.2 / 10.6.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2025-00436 advisory. - Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to properly...

4.3CVSS4.8AI score0.00229EPSS
Exploits0References2
OSV
OSV
added 2025/04/16 5:15 p.m.6 views

CVE-2025-2564

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled...

4.3CVSS6.5AI score
Exploits0References1
Cvelist
Cvelist
added 2025/04/16 4:12 p.m.16 views

CVE-2025-2564 Unauthorized View Access to Archived Channel Member Info

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled...

4.3CVSS0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/06 4:29 p.m.11 views

CVE-2024-20484 Cisco Enterprise Chat and Email Denial of Service Vulnerability

A vulnerability in the External Agent Assignment Service EAAS feature of Cisco Enterprise Chat and Email ECE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of Media Routing...

7.5CVSS7AI score0.00639EPSS
Exploits0References1
Veracode
Veracode
added 2024/08/29 5:34 a.m.14 views

Path Traversal

github.com/mattermost/mattermost-server is vulnerable to Path Traversal. The vulnerability is due to insufficient input sanitization in the frontend for user-provided redirection paths. This allows attackers to craft malicious links that trick unsuspecting users into clicking on them, leading to...

8.8CVSS6.6AI score0.0019EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2024/08/29 12:0 a.m.3 views

Mattermost Path Traversal Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a path traversal vulnerability that stems from an inability to clean up front-end user input used for redirection, which can be exploited by an attacker to cause a cross-site...

8.8CVSS7AI score0.0019EPSS
Exploits0References1
NVD
NVD
added 2024/08/22 7:15 a.m.18 views

CVE-2024-40886

Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0, 9.8.x = 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console...

8.8CVSS0.0019EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/22 6:39 a.m.34 views

CVE-2024-8071 System Role with edit access to permissions can elevate themselves to system admin

Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0 and 9.8.x = 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role e.g. member to include the managesystem...

4.7CVSS0.00344EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/22 6:32 a.m.22 views

CVE-2024-40886 One-click Client-Side Path Traversal Leading to CSRF in User Management admin page

Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0, 9.8.x = 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console...

4.6CVSS0.0019EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/22 6:32 a.m.9 views

CVE-2024-40886 One-click Client-Side Path Traversal Leading to CSRF in User Management admin page

Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0, 9.8.x = 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console...

4.6CVSS6.9AI score0.0019EPSS
Exploits0References1
Rows per page
Query Builder