28 matches found
EUVD-2026-34906
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abuse the password reset functionality to email a link to an HTML page, which when visited by the...
CVE-2024-54017
A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SA82 CP150 All versions = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SD82 CP150 All versions = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SJ81 CP150 All versions = V7.80, SIPROT...
CVE-2024-54017
A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SA82 CP150 All versions = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SD82 CP150 All versions = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SJ81 CP150 All versions = V7.80, SIPROT...
CyberChef has a Cross-site Scripting issue
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
MariaDB Server 安全漏洞
MariaDB Server is an open-source relational database system developed by MariaDB. Vulnerabilities existed in versions prior to 11.4.10, as well as in versions 11.5.x to 11.8.x, up to 11.8.6, and 12.x up to 12.2.2. These vulnerabilities were due to a buffer overflow in the cachingsha2password...
CVE-2026-24989
CVE-2026-24989 describes a deserialization of untrusted data in the SUMO Affiliates Pro plugin for WordPress (affs), enabling PHP object injection. Affected: SUMO Affiliates Pro versions below 11.4.0. Root cause: deserialization of untrusted input leading to object injection. Impact: according to...
Hitachi Ops Center Administrator 安全漏洞
Hitachi Ops Center Administrator is a management interface and tool for managing Hitachi storage devices at Hitachi, Ltd. Versions of Hitachi Ops Center Administrator prior to 11.0.8 contained security vulnerabilities, which were due to susceptibility to redirection attacks...
CVE-2025-67711 Reflected XSS vulnerability in ArcGIS Server.
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...
CVE-2025-46637
Dell Encryption (pre-11.12.1) contains an Improper Link Resolution Before File Access (Link Following) vulnerability that could allow a local attacker to achieve Elevation of Privileges. Affected component: Dell Encryption software; vulnerable version range: prior to 11.12.1. Exploit details are ...
GHSA-XPG8-8XPV-948P Mattermost does not enforce MFA on WebSocket connections
Mattermost versions 11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events...
CVE-2025-11776 Guest user can discover archived public channels
Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the /api/v4/teams/teamid/channels/searcharchived endpoint...
PT-2025-46947
Name of the Vulnerable Software and Affected Versions Mattermost versions prior to 11 Description Mattermost versions before 11 do not enforce multi-factor authentication on WebSocket connections. This allows unauthenticated users to access sensitive information through WebSocket events...
CVE-2021-32256 affecting package gdb for versions less than 11.2-10
CVE-2021-32256 affecting package gdb for versions less than 11.2-10. A patched version of the package is available...
IGEL OS 安全漏洞
IGEL OS is a terminal operating system from the German company IGEL. A security vulnerability exists in versions prior to IGEL OS 11 that stems from improper signature verification and could lead to bypassing secure boot...
Digital Ant E-Commerce SQL Injection Vulnerability
Digital Ant E-Commerce is an e-commerce platform from Digital Ant, Inc. A SQL injection vulnerability exists in versions of Digital Ant E-Commerce Software prior to 11, which stems from incorrect neutralization of special elements used in SQL commands...
Digital Ant E-Commerce Cross-Site Scripting Vulnerability
Digital Ant E-Commerce is an e-commerce platform from Digital Ant, Inc. A cross-site scripting vulnerability exists in versions of Digital Ant E-Commerce Software prior to version 11, which arises from improperly neutralized input during web page generation...
PT-2023-25606
Name of the Vulnerable Software and Affected Versions Digital Ant E-Commerce Software versions prior to 11 Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker c...
UBUNTU-CVE-2021-4180
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the wwwauthenticateuri parameter which is visible to all end users in configuration files. This would give sensitive...
Cisco Data Center Network Manager 安全漏洞
Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. An authorization bypass vulnerability exists in the Web management interface of...
Cisco Data Center Network Manager 安全漏洞
Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. An authorization bypass vulnerability exists in the Web management interface of...