PT-2026-39197

Name of the Vulnerable Software and Affected Versions draw.io versions prior to 29.7.9 Description The application accepts a gitlab URL parameter that overrides the GitLab server URL used during OAuth sign-in. An attacker can use a crafted link to cause the "Authorize in GitLab" dialog to open a...

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2026.1.11 contained security vulnerabilities, which stemmed from improper...

SUSE CVE-2025-9084

Mattermost versions 10.5.x = 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs...

CVE-2012-10047 Cyclope Employee Surveillance Solution v6.x SQL Injection

Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a...