Mattermost fails to verify run_create permission for empty playbookId

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify runcreate permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...

CVE-2026-3672 JeecgBoot getDictItems isExistSqlInjectKeyword sql injection

A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

EUVD-2020-7667

Malware in sbrugna...

CVE-2024-9531

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvxsentdeactivationrequest' function in all versions up to, and including, 4.2.4. This makes it possible f...

CVE-2025-30706

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attac...

PT-2024-13648 · WordPress · Gfazioli Wp Cleanfix

Name of the Vulnerable Software and Affected Versions: Gfazioli WP Cleanfix versions through 5.6.2 Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. This enables potential unauthorized access...

PT-2023-31791 · Unknown · Sticky Chat Widget

Name of the Vulnerable Software and Affected Versions: Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button versions 1.1.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as...

UBUNTU-CVE-2020-14804

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

UBUNTU-CVE-2019-2982

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2019)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

microTopic 1 - (Rating) Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH!...

mixedcms 1.0b (lfi/su/ab/fd) Multiple Vulnerabilities

No description provided by source. || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH! ---------------------...

Online Grades And Attendance 3.2.6 Blind SQL Injection

!/usr/bin/perl || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ 'cc' Blind SQLi EXPLOIT | |--------------------------------------------------------------------------------------------| | | Online Grades & Attendance v-3.2.6 | |...

Small Pirates v-2.1 (XSS/SQL) Multiple Remote Vulnerabilities

No description provided by source. || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH! ------------------...

my-colex 1.4.2 - Authentication Bypass SQL Injection Cross-Site Scripting

my-colex 1.4.2 - Authentication Bypass SQL Injection Cross-Site Scripting || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH!...

ProjectCMS 1.0b (index.php sn) Remote SQL Injection Vulnerability

No description provided by source. || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH! ------------------...

MixedCMS 1.0--Multiple Remote Vulnerabilities-->

---------------------------------------------------- MULTIPLE REMOTE VULNERABILITIES Mixed CMS 1.0 ---------------------------------------------------- CMS INFORMATION: --WEB: http://sourceforge.net/projects/mixedcms/ --DOWNLOAD: http://sourceforge.net/projects/mixedcms/ --DEMO: N/A --CATEGORY: C...

WarFTP 1.65 - 'USER' Remote Buffer Overflow

include include include define VULNSERVER "WAR-FTPD 1.65" define VULNCMD "\x55\x53\x45\x52\x20" define ZERO '\x00' define NOP '\x90' define VULNBUFF 485 define BUFFREAD 128 define PORT 21 define LENJMPESP 4 / WARFTP - VERSION 1.65 WarFTP Username Stack-Based Buffer-Overflow Vulnerability...