Lucene search
K

9 matches found

Github Security Blog
Github Security Blog
added 2025/11/27 6:30 p.m.13 views

Mattermost fails to sanitize team email addresses

Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...

4.3CVSS6.8AI score0.00187EPSS
Exploits0References9Affected Software2
Snyk
Snyk
added 2025/11/14 8:43 a.m.1 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade...

5.4CVSS6.7AI score0.00163EPSS
Exploits0References2
OSV
OSV
added 2025/07/23 12:15 a.m.3 views

CVE-2025-43484

A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issue in the latest software update...

6.1CVSS5.6AI score0.00186EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/23 12:0 a.m.5 views

HP Poly Clariti Manager 安全漏洞

HP Poly Clariti Manager is a centralized management, control, and optimization software for video conferencing infrastructure from Hewlett-Packard HP in the United States. A security vulnerability exists in HP Poly Clariti Manager versions prior to 10.12.1, which stems from a vulnerability that...

5.9CVSS6.5AI score0.00149EPSS
Exploits0References2
CVE
CVE
added 2025/07/22 11:36 p.m.21 views

CVE-2025-43489

CVE-2025-43489 affects Hewlett-Packard Poly Clariti Manager prior to 10.12.1. The issue is a deserialization of untrusted data without validation in Poly Clariti Manager. HP has addressed the issue in the latest software update (version 10.12.1 or later). Connected documents confirm the affected ...

5.2CVSS7.1AI score0.00252EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/07/22 11:21 p.m.9 views

CVE-2025-43486 Poly Clariti Manager - Multiple Security Vulnerabilities

A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website allows user input to be stored and rendered without proper sanitization. HP has addressed the issue in the latest software update...

5.7CVSS0.00178EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/22 12:0 a.m.9 views

PT-2025-30501 · Poly · Poly Clariti Manager

Name of the Vulnerable Software and Affected Versions: Poly Clariti Manager versions prior to 10.12.1 Description: A security issue has been identified in Poly Clariti Manager that may allow the retrieval of hardcoded cryptographic keys. Recommendations: Update Poly Clariti Manager to version...

5.9CVSS6.4AI score0.00149EPSS
Exploits0References7
OSV
OSV
added 2017/02/20 8:59 a.m.2 views

CVE-2016-4678

An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleSMC" component. It allows local users to gain privileges or cause a denial of service NULL pointer dereference via unspecified vectors...

7.8CVSS5.8AI score0.00321EPSS
Exploits0References3
CNVD
CNVD
added 2016/11/24 12:0 a.m.3 views

Apple macOS Sierra Mail Denial of Service Vulnerability

Apple macOS Sierra is a dedicated operating system for Mac computers developed by Apple Inc. Mail is one of the mail modules. A denial of service vulnerability exists in Mail in Apple macOS Sierra versions prior to 10.12.1. An attacker can exploit this vulnerability to cause a denial of service v...

6.5CVSS6.4AI score0.00849EPSS
Exploits0References1
Rows per page
Query Builder