1225 matches found
CVE-2025-30073
An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. The reference assigned to transactions can be reused. When completing a payment, the first or all transactions with the same reference are completed, depending on timing. This can be used to transfer more money onto employee card...
OPC cardsystems Webapp Aufwertung Security Vulnerability
OPC cardsystems Webapp Aufwertung is a billing system from OPC cardsystems, Inc. A security vulnerability exists in OPC cardsystems Webapp Aufwertung version 2.1.0 that stems from a transaction reference that can be reused, potentially resulting in an improper transfer of funds...
MAL-2025-2458 Malicious code in contaxy-webapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e369d55f0561aa0c1af981aea283045a266800715c8ecfdcd178cece2cc853b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in contaxy-webapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e369d55f0561aa0c1af981aea283045a266800715c8ecfdcd178cece2cc853b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1572 Malicious code in auth0-nodejs-webapp-sample-new-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66ab3d3775ff156aa2978e726606e002c0b7d2673ea1667898733604c8521491 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-24799
wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...
Malicious code in console-webapp-static-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 881f4b0e9d871a25620edd0bdf015644703eb56726d7b1785e5e0eb18ca32e36 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-174 Malicious code in console-webapp-static-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 881f4b0e9d871a25620edd0bdf015644703eb56726d7b1785e5e0eb18ca32e36 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GO-2025-3407 Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server
Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server...
GHSA-W6XH-C82W-H997 Mattermost webapp crash via a crafted post
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel...
Mattermost webapp crash via a crafted post
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel...
CVE-2025-20621
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel...
CVE-2025-20621 Webapp crash via object that can't be cast to String in Attachment Field
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel...
CVE-2025-20621
Summary (CVE-2025-20621) Mattermost webapp crashes when processing posts with attachments containing fields that cannot be cast to a String. Affected versions include Mattermost 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, and 10.1.x
CVE-2024-54083
Summary (CVE-2024-54083) Mattermost Server contains an issue where the code fails to properly validate the type of callProps. This allows a user to trigger a client-side Denial of Service on webapp and mobile users within specific channels by sending a specially crafted post. Affected versions in...
Astra Linux – Vulnerability in Chromium
Inappropriate implementations in WebApp installations in Google Chrome on Windows prior to version 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing through a crafted HTML page. Chromium security severity: Low...
.NET Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2024-43498 | .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their applicatio...