804 matches found
PT-2026-2143
Name of the Vulnerable Software and Affected Versions RustFS versions prior to 1.0.0-alpha.79 Description RustFS is a distributed object storage system built in Rust. The ImportIam API endpoint incorrectly validates permissions using ExportIAMAction instead of ImportIAMAction. This allows a...
CVE-2019-16461
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...
CVE-2024-2651
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content...
CVE-2024-2450
Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication, allowing an authenticated attacker to take over other user accounts via a crafted switch request und...
CVE-2025-12511
Centreon CVE-2025-12511 is a Stored XSS vulnerability in Centreon Infra Monitoring’s DSM extension configuration modules caused by improper input neutralization during web page generation. Affected versions: 25.10.0–1 (vulnerable before 25.10.1), 24.10.0–4 (before 24.10.4), and 24.04.0–8 (before ...
CVE-2025-68502
Authorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup jet-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetPopup: from n/a through = 2.0.20.1...
CVE-2025-64467
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...
CVE-2025-67789
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Authenticated users can retrieve the computer count of other DriveLock tenants via the DriveLock API...
PT-2025-50585
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.6 through 18.4.6 GitLab CE/EE versions 18.5 through 18.5.4 GitLab CE/EE versions 18.6 through 18.6.2 Description GitLab has addressed an issue that could allow an authenticated user to reveal sensitive information...
EUVD-2025-201412
Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication...
CVE-2025-66510
CVE-2025-66510 affects Nextcloud Server and Nextcloud Enterprise Server where the contact search feature can disclose personal data (emails, names, identifiers) of other users to authenticated users due to improper access control. Affected versions include Nextcloud Server prior to 31.0.10 and 32...
PT-2025-48814
Name of the Vulnerable Software and Affected Versions Akamai Guardicore Platform Agent versions prior to 50.15.0 Akamai Guardicore Platform Agent versions prior to 51.12.0 Akamai Guardicore Platform Agent versions prior to 52.1.1 Description The Akamai Guardicore Platform Agent has a flaw that...
PT-2025-46871
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.0 through 10.5.11 Mattermost versions 10.11.0 through 10.11.3 Description The software does not properly validate team membership permissions in the Add Channel Member API. This allows users from one team to access use...
PT-2025-47053
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.9 through 18.3.5 GitLab CE/EE versions 18.4 through 18.4.3 GitLab CE/EE versions 18.5 through 18.5.1 Description An authenticated attacker could bypass access control restrictions and view GitLab Pages content intended...
PYSEC-2025-107
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and the shortcut django.shortcuts.redirect were subject to a...
FreeBSD : Firefox -- Sandbox escape due to undefined behavior (8b5f4eb3-b808-11f0-8016-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8b5f4eb3-b808-11f0-8016-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=1986185 reports: Sandbox escape due to undefined behavior,...
CVE-2025-39663 Cross Site Scripting through compromised remote site
Cross-Site Scripting XSS vulnerability in Checkmk's distributed monitoring allows a compromised remote site to inject malicious HTML code into service outputs in the central site. Affecting Checkmk before 2.4.0p14, 2.3.0p39, 2.2.0 and 2.1.0 eol...
GHSA-8HW3-GHWV-CRFH Liferay Portal vulnerable to password enumeration
Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers t...
CVE-2025-11391 PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to uplo...
CVE-2025-54892 A user with elevated privileges can inject XSS in the SNMP traps group configuration page
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring SNMP traps group configuration modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from...