10 matches found
CVE-2025-15597
A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been...
PT-2026-22545
A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been...
PT-2026-21857
Name of the Vulnerable Software and Affected Versions Flask-Reuploaded versions prior to 1.5.0 Description Flask-Reuploaded, a file upload package for Flask, contains a path traversal and extension bypass flaw. This allows remote attackers to perform arbitrary file writes and achieve remote code...
SUSE CVE-2025-54813
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...
CVE-2025-54813
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...
CVE-2025-54813
CVE-2025-54813 affects Apache Log4cxx prior to 1.5.0, due to improper output neutralization for JSONLayout where certain non‑printable characters in attacker-supplied messages are not escaped, potentially impacting log consumption. Fedora advisory confirms a 1.5.0-1.fc41 update as the fix, and De...
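The three Log4cxx entries above describe one mechanism: a JSON layout that passes raw non-printable bytes from an attacker-controlled message into the emitted record, which can break or mislead whatever consumes the log. The block below is an added illustration written for this page, not Log4cxx code and not taken from any of the advisories. It places a toy layout that escapes only quotes and backslashes beside one that applies full RFC 8259 string escaping (every code point U+0000..U+001F must be escaped), and adds the checks a consumer can run on a serialized record. The sample message `CRAFTED` is constructed for the example.

```python
import json
import re

# Constructed attacker-style message: NUL, an ANSI "clear screen" escape,
# a newline and a second fake JSON record. Not taken from any real log.
CRAFTED = (
    'user=alice\x00\x1b[2Jstatus=ok\n'
    '{"level":"INFO","message":"forged"}'
)

# Control characters that RFC 8259 requires to be escaped inside a JSON string.
RAW_CONTROL = re.compile(r"[\x00-\x1f]")


def naive_json_layout(level: str, message: str) -> str:
    """Toy layout (hypothetical, for illustration): escapes only the two
    characters that would obviously break the string, and lets every other
    byte of the message through untouched."""
    escaped = message.replace("\\", "\\\\").replace('"', '\\"')
    return '{"level": "%s", "message": "%s"}' % (level, escaped)


def strict_json_layout(level: str, message: str) -> str:
    """Layout that delegates escaping to a real JSON encoder; json.dumps with
    the default ensure_ascii=True escapes every control character and every
    non-ASCII code point as \\uXXXX."""
    return json.dumps({"level": level, "message": message})


def has_raw_control_bytes(record: str) -> bool:
    """Consumer-side check: a correctly serialized record contains no raw
    control bytes anywhere, because they must appear as \\n, \\u0000, ..."""
    return RAW_CONTROL.search(record) is not None


def line_count(record: str) -> int:
    """Line-oriented shippers split on newlines; one record must be one line."""
    return len(record.splitlines())


def parses_as_single_record(record: str) -> bool:
    """json.loads (strict mode) rejects raw control characters inside strings,
    so an unescaped record is not consumable as JSON at all."""
    try:
        return isinstance(json.loads(record), dict)
    except ValueError:
        return False


def extract_message(record: str) -> str:
    """Round-trip the message field; succeeds only for a well-formed record."""
    return json.loads(record)["message"]


if __name__ == "__main__":
    for name, layout in (("naive", naive_json_layout), ("strict", strict_json_layout)):
        rec = layout("INFO", CRAFTED)
        print(name, "raw_control=%s lines=%d parses=%s"
              % (has_raw_control_bytes(rec), line_count(rec), parses_as_single_record(rec)))
```

Run as a script it shows the naive record failing all three checks (raw control bytes present, two lines, unparseable) while the strict record is one line, free of raw control bytes, and round-trips the original message intact. The same `has_raw_control_bytes` scan over an existing JSON log file is a cheap way to find records produced by a layout with this defect before deciding whether consumers were affected.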
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the GET subscription endpoint. An attacker can access sensitive subscription details by sending unauthorized API requests. Remediation Upgrade github.com/mattermost/mattermost-plugin-confluence/server/serialize...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the edit subscription endpoint. An attacker can gain unauthorized access to edit subscriptions for spaces they do not have permission to access by sending crafted requests. Remediation Upgrade...
PT-2019-15356 · Unknown · Control Center Server
Name of the Vulnerable Software and Affected Versions: Control Center Server CCS versions prior to V1.5.0 Description: A remote attacker with network access to the CCS server could exploit an authentication bypass vulnerability in the XML-based communication protocol, as provided by default on...
Cross-site Scripting (XSS)
Overview Affected versions of angularjs are vulnerable to Cross-site Scripting (XSS) due to the usemap attribute not being blacklisted. Remediation Upgrade angularjs to version 1.5.0 or higher. References - GitHub ChangeLog - GitHub Commit - GitHub PR Credit: Lucas Mirelmann...