23 matches found
GHSA-MPC7-MM28-F6WQ Mattermost allows authenticated guest users to enumerate user IDs outside their allowed visibility scope
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint...
File Inclusion node-tar Dependency in Jira Software Data Center
This High severity File Inclusion vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVS...
CVE-2025-67813
Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...
PT-2026-2270
Name of the Vulnerable Software and Affected Versions Quest KACE Desktop Authority versions through 11.3.1 Description Quest KACE Desktop Authority through version 11.3.1 has insecure permissions on the Named Pipes used for inter-process communication. Named Pipes are used to enable communication...
EUVD-2023-55613
Malicious code in bioql PyPI...
CVE-2023-50880
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS. This issue affects BuddyPress: from n/a through 11.3.1...
Oracle Commerce Security Vulnerability
Oracle Commerce is a suite of e-commerce solutions from Oracle Corporation, of which Commerce Platform is one component that provides a versatile e-commerce platform. A security vulnerability exists in Oracle Commerce's Commerce Platform versions 11.3.0, 11.3.1, and 11.3.2, which stems from...
PT-2023-31701 · Unknown · Buddypress
Name of the Vulnerable Software and Affected Versions: BuddyPress versions prior to 11.3.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting'. This allows for Stored XSS in the BuddyPress Community. Recommendation...
CVE-2018-17453
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception...
PT-2023-10697 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.1.7 and earlier, 11.2.x before 11.2.4, 11.3.x before 11.3.1 Description: The issue is related to Server-Side Request Forgery (SSRF) via the Kubernetes integration. This can lead to the...
CVE-2022-21559
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Dynamo Application Framework. Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle...
Foxit PDF Editor arbitrary file upload vulnerability
Foxit PDF Editor is a PDF editor from Foxit, a Chinese company. Foxit PDF Editor version 11.3.1 has an arbitrary file upload vulnerability; no detailed vulnerability details are provided...
CVE-2022-28104
Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability...
Foxit PDF Editor Code Issue Vulnerability
Foxit PDF Editor is a PDF editor from Foxit, a Chinese company. Foxit PDF Editor version 11.3.1 has an arbitrary file upload vulnerability; no detailed vulnerability details are provided...
Foxit PDF Editor 11.3.1 Arbitrary File Upload Vulnerability
Exploit Title: Foxit PDF Editor Arbitrary File Upload Unauthenticated Exploit Author: Saud Alenazi Vendor Homepage: https://www.foxit.com Software Link: https://apps.apple.com/us/app/foxit-pdf-editor/id507040546 Version: 11.3.1 Tested: iPhone 6 iOS 12.4.7 Contact: https://twitter.com/dmaral3noz -...
CVE-2022-21387
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Dynamo Application Framework. Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
TYPO3 XSS Vulnerability (TYPO3-CORE-SA-2021-009)
TYPO3 is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if...
PT-2021-19916 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions 9.0.0 through 9.5.27 TYPO3 versions 10.0.0 through 10.4.17 TYPO3 versions 11.0.0 through 11.3.0 Description: The issue concerns the logging of user credentials in plain-text when the log level is set to debug, which is not the...