7 matches found
CVE-2024-25177 affecting package luajit for versions less than 2.1.0-28
CVE-2024-25177 affecting package luajit for versions less than 2.1.0-28. A patched version of the package is available...
CVE-2025-31691 OAuth2 Server - Moderately critical - Access bypass - SA-CONTRIB-2025-020
Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing.This issue affects OAuth2 Server: from 0.0.0 before 2.1.0...
PT-2025-4687 · Unknown · Qwerty23 Rocket Media Library Mime Type
Name of the Vulnerable Software and Affected Versions: Qwerty23 Rocket Media Library Mime Type versions prior to 2.1.0 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended...
Froxlor 授权问题漏洞
Froxlor is a lightweight server management software from the Froxlor team. An authorization issue vulnerability exists in versions of Froxlor prior to 2.1.0 that stems from session fixing...
Mattermost Server Cross-Site Request Forgery Vulnerability
Mattermost Server is the United States Mattermost company's set of open source messaging platform. A cross-site request forgery vulnerability exists in Mattermost Server versions prior to 2.1.0. The vulnerability stems from a WEB application that does not adequately validate whether a request is...
PT-2020-12544 · Freerdp +6 · Freerdp +6
Name of the Vulnerable Software and Affected Versions: FreeRDP versions 2.0.0 and earlier Description: The issue is related to an out-of-bound read in the ntlm read AuthenticateMessage function. This has been fixed in version 2.1.0. Recommendations: For FreeRDP versions 2.0.0 and earlier, update ...
Rocket.Chat Cross-Site Scripting Vulnerability (CNVD-2019-36863)
Rocket.Chat is an open source team chat software. A cross-site scripting vulnerability exists in versions of Rocket.Chat prior to 2.1.0, which stems from a lack of proper validation of client-side data by the web application and can be exploited by an attacker to execute client-side code...