30 matches found
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions. An attacker can gain elevated privileges by exploiting these permissions locally. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm64 to version 10.0.4 or higher. References - Vulnerability...
CVE-2025-59893
Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...
CVE-2025-59894
Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...
CVE-2025-59894
Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...
CVE-2025-59891
Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...
PT-2026-5103
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service DoS vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could send malicious reques...
PT-2026-5104
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...
Flexense Sync Breeze Enterprise Server and Flexense Disk Pulse Enterprise have vulnerabilities related to cross-site request forgeing attacks.
Flexense Sync Breeze Enterprise Server and Flexense Disk Pulse Enterprise are both products of Flexense Corporation. Flexense Sync Breeze Enterprise Server is a network file synchronization software. Flexense Disk Pulse Enterprise is a real-time file system monitoring software. Both the Flexense...
Flexense Sync Breeze Enterprise Server and Flexense Disk Pulse Enterprise have vulnerabilities related to cross-site request forgeing attacks.
Flexense Sync Breeze Enterprise Server and Flexense Disk Pulse Enterprise are both products of Flexense Corporation. Flexense Sync Breeze Enterprise Server is a network file synchronization software. Flexense Disk Pulse Enterprise is a real-time file system monitoring software. Both the Flexense...
CVE-2025-34397
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a JavaScript context in the response. By supplying a...
SUSE CVE-2025-1412
Mattermost versions 9.11.x = 9.11.6, 10.4.x = 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot...
CVE-2025-1412
Mattermost versions 9.11.x = 9.11.6, 10.4.x = 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot...
Apple watchOS 安全漏洞
Apple watchOS is a set of smartwatch operating systems from Apple USA. A security vulnerability exists in Apple watchOS version 10.4, which stems from processing web content that could lead to arbitrary code execution...
Apple GarageBand 安全漏洞
Apple GarageBand is an application from Apple USA. A fully equipped music creation studio - with a complete sound library that includes presets for instruments, guitars and voices, as well as an amazing selection for session drummers and percussionists. A security vulnerability exists in Apple...
Artifex Ghostscript 安全漏洞
Artifex Ghostscript is a free software package from Artifex, Inc. based on Adobe, PostScript, and the Portable Document Format page description language. A security vulnerability exists in Artifex Ghostscript prior to version 10.04.0, which stems from a directory traversal vulnerability due to lo...
PT-2024-32289 · Sitecore · Experience Manager +2
Name of the Vulnerable Software and Affected Versions: Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC versions 8.0 through 10.4 Description: An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC, allowing ...
TYPO3 跨站脚本漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. TYPO3 suffers from a cross-site scripting vulnerability that originates in the Form Designer back-end module of Form Framework, which is susceptible to cross-site scripting attacks and...
CVE-2022-0911
Cross-site Scripting XSS - Stored in GitHub repository pimcore/pimcore prior to 10.4.0...
CVE-2021-37197
A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS is vulnerable to SQL injections...
Foxit Reader和Foxit PhantomPDF 后置链接漏洞
Foxit Reader and Foxit PhantomPDF are both PDF document readers from Foxit, a Chinese company. Foxit Reader and PhantomPDF versions prior to 10.1.4 have a security vulnerability that could be exploited to corrupt memory during the conversion of PDF documents to a different document format...