Lucene search
K

15 matches found

Cvelist
Cvelist
added 2026/05/22 10:22 a.m.22 views

CVE-2026-5740 Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

7.5CVSS0.00327EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 9:31 p.m.4 views

EUVD-2026-24339

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...

9.8CVSS5.8AI score0.00312EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/21 8:38 p.m.34 views

CVE-2026-33519 Incorrect privilege assignment in Portal for ArcGIS

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...

9.8CVSS0.00312EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/26 4:28 p.m.24 views

CVE-2026-3109 Missing timestamp validation in Zoom webhook handler

Mattermost Plugins versions =11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584...

2.2CVSS0.00291EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.4 views

Esri ArcGIS Server 跨站脚本漏洞

Esri ArcGIS Server is a web-oriented enterprise software platform available for providing geolocation services from Esri. A cross-site scripting vulnerability exists in Esri ArcGIS Server version 11.4 and earlier, which stems from a stored cross-site scripting issue that could lead to malicious...

6.1CVSS6AI score0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/22 2:26 p.m.9 views

CVE-2025-57870 BUG-000179884 - There is a security vulnerability in ArcGIS Server Feature Services.

A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL commands via a specific ArcGIS Feature Service operation. Successful exploitation can...

10CVSS0.00495EPSS
Exploits0References1
CVE
CVE
added 2025/09/29 6:35 p.m.13 views

CVE-2025-57875

CVE-2025-57875 affects Esri Portal for ArcGIS

4.8CVSS6.2AI score0.00209EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/09/29 12:0 a.m.17 views

Esri Portal For ArcGIS 跨站脚本漏洞

Esri Portal For ArcGIS is a component of Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS version 11.4 and earlier, which stems from a remote...

4.8CVSS5.8AI score0.00209EPSS
Exploits0References2
OSV
OSV
added 2025/07/08 10:15 p.m.6 views

CVE-2025-49534

Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse...

5.4CVSS5.7AI score0.0023EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.3 views

Adobe Connect 跨站脚本漏洞

Adobe Connect is a software for creating meeting environments from the American company Audobee Adobe. A security vulnerability exists in Adobe Connect version 12.6 and earlier and version 11.4.7 and earlier, which can be exploited by an attacker to inject malicious script into vulnerable form...

9.3CVSS6.5AI score0.00708EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.4 views

Adobe Connect 跨站脚本漏洞

Adobe Connect is a software for creating meeting environments from the American company Audobee Adobe. A security vulnerability exists in Adobe Connect version 12.6 and earlier and version 11.4.7 and earlier, which can be exploited by an attacker to inject malicious script into vulnerable form...

9.3CVSS9.1AI score0.00813EPSS
Exploits0References1
OSV
OSV
added 2023/01/12 4:15 a.m.2 views

UBUNTU-CVE-2023-0042

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols...

6.1CVSS6.5AI score0.00403EPSS
Exploits0References4
OSV
OSV
added 2018/07/18 1:29 p.m.3 views

CVE-2018-3052

Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications subcomponent: Internal Operations. Supported versions that are affected are 10.8.x and 11.4.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS...

6.4CVSS5.8AI score0.0107EPSS
Exploits0References2
CNVD
CNVD
added 2017/07/28 12:0 a.m.2 views

Zoho ManageEngine Event Log Analyzer Cross-Site Scripting Vulnerability (CNVD-2017-26266)

Zoho ManageEngine Event Log Analyzer is the United States ZhuoHao Zoho company's set of systems, event log analysis software. A cross-site scripting vulnerability exists in the search and display of event data in Zoho ManageEngine Event Log Analyzer versions 11.4 and 11.5. A remote attacker can...

6.1CVSS6AI score0.01265EPSS
Exploits1References1
OSV
OSV
added 2017/07/27 6:29 a.m.5 views

CVE-2017-11687

Multiple Persistent cross-site scripting XSS vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog...

6.1CVSS5.8AI score0.01265EPSS
Exploits1References1
Rows per page
Query Builder