15 matches found
CVE-2026-5740 Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...
EUVD-2026-24339
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...
CVE-2026-33519 Incorrect privilege assignment in Portal for ArcGIS
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...
CVE-2026-3109 Missing timestamp validation in Zoom webhook handler
Mattermost Plugins versions =11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584...
Esri ArcGIS Server 跨站脚本漏洞
Esri ArcGIS Server is a web-oriented enterprise software platform available for providing geolocation services from Esri. A cross-site scripting vulnerability exists in Esri ArcGIS Server version 11.4 and earlier, which stems from a stored cross-site scripting issue that could lead to malicious...
CVE-2025-57870 BUG-000179884 - There is a security vulnerability in ArcGIS Server Feature Services.
A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL commands via a specific ArcGIS Feature Service operation. Successful exploitation can...
CVE-2025-57875
CVE-2025-57875 affects Esri Portal for ArcGIS
Esri Portal For ArcGIS 跨站脚本漏洞
Esri Portal For ArcGIS is a component of Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS version 11.4 and earlier, which stems from a remote...
CVE-2025-49534
Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse...
Adobe Connect 跨站脚本漏洞
Adobe Connect is a software for creating meeting environments from the American company Audobee Adobe. A security vulnerability exists in Adobe Connect version 12.6 and earlier and version 11.4.7 and earlier, which can be exploited by an attacker to inject malicious script into vulnerable form...
Adobe Connect 跨站脚本漏洞
Adobe Connect is a software for creating meeting environments from the American company Audobee Adobe. A security vulnerability exists in Adobe Connect version 12.6 and earlier and version 11.4.7 and earlier, which can be exploited by an attacker to inject malicious script into vulnerable form...
UBUNTU-CVE-2023-0042
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols...
CVE-2018-3052
Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications subcomponent: Internal Operations. Supported versions that are affected are 10.8.x and 11.4.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS...
Zoho ManageEngine Event Log Analyzer Cross-Site Scripting Vulnerability (CNVD-2017-26266)
Zoho ManageEngine Event Log Analyzer is the United States ZhuoHao Zoho company's set of systems, event log analysis software. A cross-site scripting vulnerability exists in the search and display of event data in Zoho ManageEngine Event Log Analyzer versions 11.4 and 11.5. A remote attacker can...
CVE-2017-11687
Multiple Persistent cross-site scripting XSS vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog...