
26 matches found

Positive Technologies
added 2026/06/01 12:0 a.m. · 7 views

PT-2026-45387

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5. It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

5.3 CVSS · 5.9 AI score · 0.0004 EPSS
Exploits 0 · References 2

CNNVD
added 2026/05/27 12:0 a.m. · 4 views

WordPress plugin KiviCare security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.2 CVSS · 5.8 AI score · 0.00049 EPSS
Exploits 0 · References 1

AstraLinux
added 2026/05/20 5:53 a.m. · 1 views

Astra Linux - vulnerability in tiff

A null source pointer passed as an argument to the memcpy function within TIFFFetchStripThing in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, this fix is available in the...

5.5 CVSS · 6.4 AI score · 0.00059 EPSS
Exploits 1 · References 2

SUSE CVE
added 2026/01/06 12:37 a.m. · 3 views

SUSE CVE-2017-18885

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf...

9.8 CVSS · 9.2 AI score · 0.00296 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/12/11 12:58 a.m. · 4 views

CVE-2025-67507

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect...

8.1 CVSS · 6.7 AI score · 0.00065 EPSS
Exploits 0 · References 1

CNNVD
added 2025/11/21 12:0 a.m. · 3 views

Wazuh security vulnerability

Wazuh is an open source application from Wazuh. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions 4.3.0 up to, but not including, 4.13.0, which stems from a missing ACL in...

5.5 CVSS · 6.5 AI score · 0.0002 EPSS
Exploits 1 · References 5

vulnersOsv
added 2025/10/15 12:0 a.m. · 4 views

ch.nexsol-tech.gateway:sample-gateway (>=1.2.0 <=1.3.1), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=1.2.0 <=1.3.1) +37 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=4.3.0 <=4.3.1)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.3.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =3.0.0, =1.8.9, =0.12.1, =0.12.1, =0.12.10, =3.10.0, =3.11.0 and more Source cves: CVE-2025-41253 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-13561992...

7.5 CVSS · 7.2 AI score · 0.00049 EPSS
Exploits 0

vulnersOsv
added 2024/09/04 6:30 p.m. · 6 views

com.github.nbbrd.sdmx-dl:sdmx-dl-grpc (=3.0.0-beta.12), com.github.rebue.wheel:wheel-vertx (>=2.2.9 <=2.2.12) +178 more potentially affected by CVE-2024-8391 via io.vertx:vertx-grpc-client (>=4.3.0 <=4.5.1)

io.vertx:vertx-grpc-client MAVEN version =4.3.0, =2.2.9, =0.30.0, =0.21.0, =2.0.0, =2.8.0, =0.2.0, =0.0.7, =0.0.7, =0.0.7, =2.7.0, =2.7.0, =2.7.0, =1.0.4, =1.0.4, =2.0.1 and more Source cves: CVE-2024-8391 Source advisory: OSV:GHSA-G76F-GJFX-4RPR...

7.5 CVSS · 7.1 AI score · 0.00361 EPSS
Exploits 0

CNNVD
added 2024/09/04 12:0 a.m. · 2 views

Eclipse Vert.x security vulnerability

Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM. A security vulnerability exists in Eclipse Vert.x versions 4.3.0 through 4.5.9 that stems from the gRPC server not limiting the maximum length of the message payload...

7.5 CVSS · 7.4 AI score · 0.00361 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/04/12 12:0 a.m. · 3 views

PT-2024-23912 · Unknown · Apppresser

Name of the Vulnerable Software and Affected Versions: AppPresser versions through 4.3.0. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web application. Recommendations: For...

8.8 CVSS · 9.6 AI score · 0.00126 EPSS
Exploits 0 · References 3

vulnersOsv
added 2024/03/16 9:30 a.m. · 1 views

alcali (>=2018.3.1 <=3006.3.0), arccanet (>=0.0.1 <=0.0.7) +68 more potentially affected by CVE-2024-22513 via djangorestframework-simplejwt (>=4.3.0 <=5.5.0)

djangorestframework-simplejwt PYPI version =4.3.0, =2018.3.1, =0.0.1, =0.0.6, =0.0.8, =1.0.0, =0.0.3, =1.0.0, =0.1.7, =0.4.0, =0.0.1, =1.0.1, =1.0.0, =1.0.0, =0.2.1, =1.0.0, =1.3.8 and more Source cves: CVE-2024-22513 Source advisory: OSV:GHSA-5VCC-86WM-547Q...

5.5 CVSS · 6 AI score · 0.00235 EPSS
Exploits 3

vulnersOsv
added 2024/02/20 3:31 p.m. · 1 views

org.apache.camel.quarkus:camel-quarkus-cassandraql (>=3.5.0 <=3.35.0), org.apache.camel.quarkus:camel-quarkus-cassandraql-deployment (>=3.5.0 <=3.35.0) +2 more potentially affected by CVE-2024-23114 via org.apache.camel:camel-cassandraql (>=4.1.0 <=4.3.0)

org.apache.camel:camel-cassandraql MAVEN version =4.1.0, =3.5.0, =3.5.0, =3.5.0, =4.1.0, =4.20.0 Source cves: CVE-2024-23114 Source advisory: OSV:GHSA-M43P-55RF-8C2J...

9.8 CVSS · 7.2 AI score · 0.01348 EPSS
Exploits 1

Positive Technologies
added 2023/12/18 12:0 a.m. · 2 views

PT-2023-30960 · Unknown · Mkrapel Regiones Y Ciudades De Chile Para Wc

Name of the Vulnerable Software and Affected Versions: MkRapel Regiones y Ciudades de Chile para WC versions through 4.3.0. Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user without their knowledge or consen...

8.8 CVSS · 8.9 AI score · 0.00137 EPSS
Exploits 0 · References 5

CNNVD
added 2023/03/14 12:0 a.m. · 2 views

SAP Business Objects Business Intelligence Platform injection vulnerability

SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. An injection vulnerability exists in SAP Business Objects Business...

9.9 CVSS · 8 AI score · 0.00637 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:58 a.m. · 2 views

SUSE CVE-2010-2575

Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via ...

6.8 CVSS · 8.2 AI score · 0.04158 EPSS
Exploits 0 · References 4

Github Security Blog
added 2022/05/24 5:21 p.m. · 4 views

Mattermost Server exposes team creator's e-mail address to other members

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members...

5.3 CVSS · 7 AI score · 0.00172 EPSS
Exploits 0 · References 3 · Affected Software 1

Github Security Blog
added 2022/05/24 5:21 p.m. · 3 views

Mattermost Server allows users with a session ID to revoke another user's session

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session...

4.3 CVSS · 7 AI score · 0.00172 EPSS
Exploits 0 · References 6 · Affected Software 1

OSV
added 2022/05/24 5:21 p.m. · 1 views

GHSA-8QG8-C7MW-6FJ7 Mattermost Server is vulnerable to Directory Traversal by System Admins

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal...

6.5 CVSS · 6.6 AI score · 0.0049 EPSS
Exploits 0 · References 6

vulnersOsv
added 2020/08/05 2:53 p.m. · 3 views

br.jus.stf.digital:core (=0.1.0), cn.home1:spring-cloud-config-monitor (>=0.0.1 <=1.0.1.U1) +646 more potentially affected by CVE-2020-5413 via org.springframework.integration:spring-integration-core (>=4.3.0.RELEASE <=4.3.22.RELEASE)

org.springframework.integration:spring-integration-core MAVEN version =4.3.0.RELEASE, =0.0.1, =0.0.1, =A.1.0.0, =A.1.0.0, =A.1.1.0, =A.1.0.0, =A.1.1.0, =A.1.0.0, =A.1.0.0, =1.1.2-RELEASE, =1.1.2-RELEASE, =1.1.2-RELEASE, =1.1.2-RELEASE, =1.1.2-RELEASE, =1.1.12-RELEASE and more Source cves:...

9.8 CVSS · 7.1 AI score · 0.01768 EPSS
Exploits 0

CNVD
added 2020/06/22 12:0 a.m. · 2 views

Unspecified Vulnerability in Mattermost Server (CNVD-2020-48235)

Mattermost Server is an open source messaging platform from Mattermost, a United States company. A security vulnerability exists in Mattermost Server versions prior to 4.3.0, 4.2.1 and 4.1.2. The vulnerability can be exploited by an attacker to gain privileges by accessing API endpoints...

9.8 CVSS · 7.1 AI score · 0.00296 EPSS
Exploits 0 · References 1