33 matches found
Slack Nebula may accept arbitrary source IP addresses
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network...
CVE-2025-62820
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network...
CVE-2025-62820
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network...
CVE-2025-62820
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network...
CVE-2025-62820
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network...
EUVD-2025-35657
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network...
Slack Nebula Security Vulnerability
Slack Nebula is an open-source scalable overlay network tool from Slack. A security vulnerability exists in Slack Nebula versions prior to 1.9.7 that stems from improper CIDR handling in certain configurations, which could lead to the acceptance of arbitrary source IP addresses in the Nebula netwo...
CVE-2025-62820
Slack Nebula prior to 1.9.7 is affected by a CIDR handling issue that allows accepting arbitrary source IPs within the Nebula network. The CVE entry documents this as a network‑level vulnerability with a CVSS v3.1 base score of 4.9 (Medium) and a high attack complexity, requiring low privileges a...
EUVD-2012-0374
Malware in sbrugna...
VMware Workspace ONE Access Code Issue Vulnerability
VMware Workspace ONE Access is a VMware product that combines user identity with factors such as device and network information to make intelligence-driven conditional access decisions for applications delivered by Workspace ONE. A code issue vulnerability exists in VMware Workspace ONE Access versions...
CVE-2019-13643
Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on...
Cross site scripting
Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on...
CVE-2019-9957
Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...
Cross site scripting
Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...
Google Chrome Navigation Input Validation Vulnerability
Google Chrome is a web browser developed by Google, Inc. Navigation is one of the browser navigation modules. An input validation vulnerability exists in Navigation in versions of Google Chrome prior to 71.0.3578.80, which stems from the program's failure to properly handle navigation failures...
BlueShield Web Page Tamper Protection System Has Arbitrary Source Code File Download Vulnerability
BlueShield Web Tamper Protection System is a web page tampering prevention product. BlueShield Web Tamper Protection System has an arbitrary source code file download vulnerability. When php is followed by %20, %2e, or ::$DATA, php files may be downloaded, allowing attackers to obtain the source...
NaviCOPA <= 3.0.1.2 Source Disclosure
No description provided by source. NaviCOPA Web Server = 3.0.1.2 Remote Source Disclosure Found By: DrIDE Tested On: Windows XPSP3 Download: www.navicopa.com/download.html - Description - NaviCOPA Web Server = 3.0.1.2 is a Windows based HTTP server. This is the latest version of the application...
CVE-2009-5120
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404...
CVE-2009-5120
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404...
Mongoose Web Server 2.8 - Source Disclosure
Mongoose Web Server = 2.8.0 Remote Source Disclosure Found By: DrIDE Tested On: Windows XPSP3 Download: http://code.google.com/p/mongoose/ - Description - Mongoose Web Server = 2.8.0 is a Windows based HTTP server. This is the latest version of the application available. Mongoose is vulnerable to...