
43 matches found

Cvelist
added 6 days ago · 39 views

CVE-2025-12694 Local Privilege Escalation in VPN Client

A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior...

CVSS 8.5 · EPSS 0.00014
Exploits: 0 · References: 1
CNNVD
added 2026/03/26 12:00 a.m. · 3 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. There is a security vulnerability in Mattermost, which stems from the lack of verification of the size of extracted files during decompression. This vulnerability could allow authenticated users to b...

CVSS 6.5 · AI score 5.8 · EPSS 0.00017
Exploits: 0 · References: 1
CNNVD
added 2026/03/26 12:00 a.m. · 2 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.2.2 and earlier of the 11.2.x series, as well as versions 10.11.10 and earlier of the 10.11.x series, 11.4.0 and earlier of the 11.4.x series, and 11.3...

CVSS 5.4 · AI score 5.8 · EPSS 0.0004
Exploits: 0 · References: 1
Cvelist
added 2026/03/16 8:10 p.m. · 20 views

CVE-2026-2454 DoS in Calls plugin via malformed msgpack in websocket request.

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin. Mattermost Advisory ID:...

CVSS 5.8 · EPSS 0.00127
Exploits: 0 · References: 1
CNNVD
added 2026/03/16 12:00 a.m. · 2 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, as well as 11.2.2 and earlier versions 11.2.x series, have security vulnerabilities. These vulnerabilities stem from the unauthorized...

CVSS 4.3 · AI score 6.4 · EPSS 0.00042
Exploits: 0 · References: 1
Atlassian
added 2026/03/04 6:29 p.m. · 14 views

DoS (Denial of Service) glob-parent Dependency in Jira Software Data Center

This High severity DoS (Denial of Service) vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, and 11.2.0 of Jira Software Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector o...

CVSS 7.5 · AI score 5.7 · EPSS 0.00964
Exploits: 1
OSV
added 2025/03/03 8:15 p.m. · 2 views

CVE-2024-5888

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

CVSS 4.8 · AI score 6 · EPSS 0.00108
Exploits: 0 · References: 1
ATTACKERKB
added 2025/03/03 8:15 p.m. · 2 views

CVE-2024-51954

There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux which, under unique circumstances, could allow a remote, low‑privileged authenticated attacker to access secure services published to a standalone unfederated ArcGIS Server instance. Successful...

CVSS 8.5 · AI score 5.4 · EPSS 0.00055
Exploits: 0 · References: 2
OSV
added 2025/03/03 8:15 p.m. · 2 views

CVE-2024-51949

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

CVSS 4.8 · AI score 6 · EPSS 0.0019
Exploits: 0 · References: 1
Positive Technologies
added 2024/02/06 12:00 a.m. · 3 views

PT-2024-12897 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX version 11.3
Description: The issue is related to authentication bypass when an OAuth2 Client uses client_secret_jwt as its authentication method. This can be exploited via specially crafted requests.
Recommendations: For version...

CVSS 9.8 · AI score 9.3 · EPSS 0.00118
Exploits: 0 · References: 7
Positive Technologies
added 2023/10/17 12:00 a.m. · 3 views

PT-2023-6271 · Oracle · Oracle Commerce Guided Search

Name of the Vulnerable Software and Affected Versions: Oracle Commerce Guided Search version 11.3.2
Description: The issue is related to insufficient input validation in the Workbench component of Oracle Commerce Guided Search. This easily exploitable vulnerability allows an unauthenticated...

CVSS 6.4 · AI score 5.4 · EPSS 0.00106
Exploits: 0 · References: 6
OSV
added 2023/08/27 11:15 p.m. · 1 view

CVE-2023-30436

IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 25229...

CVSS 5.4 · AI score 5.4
Exploits: 0 · References: 2
CNNVD
added 2023/07/19 12:00 a.m. · 2 views

IBM Security Guardium Security Vulnerability

IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provides data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. An authorization issue vulnerability exists in IBM Security...

CVSS 8.4 · AI score 6.7 · EPSS 0.00024
Exploits: 0 · References: 3
OSV
added 2023/01/20 3:15 p.m. · 2 views

CVE-2022-41441

Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters...

CVSS 6.1 · AI score 5.9 · EPSS 0.06229
Exploits: 3 · References: 4
CNNVD
added 2023/01/20 12:00 a.m. · 0 views

ReQlogic Cross-Site Scripting Vulnerability

ReQlogic is a solution from ReQlogic, Inc. A cross-site scripting vulnerability exists in ReQlogic v11.3. An attacker can exploit this vulnerability by injecting a specially crafted payload into the POBatch and WaitDuration parameters to execute arbitrary web script or HTML...

CVSS 6.1 · AI score 6.3 · EPSS 0.06229
Exploits: 3 · References: 6
CNNVD
added 2022/11/23 12:00 a.m. · 3 views

qpress Path Traversal Vulnerability

qpress is a patched version of the qpress file archiver program by the individual developer EvgeniyPatlan. A directory traversal vulnerability exists in qpress versions 11.3 and prior to 2022.08.19, which stems from a lack of checking of paths when processing directory requests and can be exploit...

CVSS 5.3 · AI score 6.6 · EPSS 0.01547
Exploits: 1 · References: 10
CNNVD
added 2022/01/27 12:00 a.m. · 2 views

ZOHO ManageEngine ServiceDesk Plus Cross-Site Scripting Vulnerability

ZOHO ManageEngine ServiceDesk Plus (SDP) is ITIL-based IT service management software from the American company ZOHO (ZhuoHao). The software integrates Incident Management, Problem Management, Asset Management, IT Project Management, Procurement and Contract Management and oth...

CVSS 4.8 · AI score 5.2 · EPSS 0.20355
Exploits: 1 · References: 2
CNNVD
added 2021/05/26 12:00 a.m. · 2 views

Triconex Model 3009 MP Code Issue Vulnerability

Triconex Model 3009 MP is a system controller. A security vulnerability exists in the Triconex Model 3009 MP on Triconex V11.3 that originates from an improperly checked exception or abnormal condition. The vulnerability could result in a module reset when the TCM receives an incorrectly formatted...

CVSS 3.9 · AI score 5 · EPSS 0.00055
Exploits: 0 · References: 1
CNNVD
added 2021/01/28 12:00 a.m. · 3 views

Testesdecodigogratis Testes de Codigo Cross-Site Scripting Vulnerability

Testesdecodigogratis Testes de Codigo is a mobile application from Testesdecodigogratis Portugal that provides users with driver's license learning. A cross-site scripting vulnerability exists in Testesdecodigogratis Testes de Codigo v11.3 and prior that allows storing the "Feedback" message fiel...

CVSS 5.4 · AI score 6 · EPSS 0.00298
Exploits: 0 · References: 2
CNVD
added 2020/09/04 12:00 a.m. · 3 views

GitLab Access Control Error Vulnerability (CNVD-2020-51535)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An access control error vulnerability exists in GitLab...

CVSS 6.5 · AI score 6.7 · EPSS 0.00154
Exploits: 0 · References: 1