26 matches found

Cvelist
added 2026/06/03 1:35 p.m., 37 views

CVE-2024-47263

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

CVSS: 4.1, EPSS: 0.00057
Exploits: 0, References: 1

Positive Technologies
added 2026/06/03 12:0 a.m., 7 views

PT-2026-45930

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

CVSS: 4.1, AI score: 5.8, EPSS: 0.00057
Exploits: 0, References: 2

OSV
added 2026/05/27 3:16 p.m., 4 views

DEBIAN-CVE-2026-44839

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

CVSS: 5.6, AI score: 5.8, EPSS: 0.0003
Exploits: 0, References: 1

OSV
added 2026/05/27 3:16 p.m., 4 views

UBUNTU-CVE-2026-44839

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

CVSS: 5.6, AI score: 5.8, EPSS: 0.0003
Exploits: 0, References: 4

Debian CVE
added 2026/05/27 3:7 p.m., 5 views

CVE-2026-44839

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

CVSS: 5.6, AI score: 5.8, EPSS: 0.0003
Exploits: 0

ATTACKERKB
added 2026/05/27 3:7 p.m., 6 views

CVE-2026-44839

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

CVSS: 5.6, AI score: 5.8, EPSS: 0.0003
Exploits: 0, References: 3, Affected Software: 1

EUVD
added 2026/05/27 3:7 p.m., 7 views

EUVD-2026-32549

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

CVSS: 5.6, AI score: 5.8, EPSS: 0.0003
Exploits: 0, References: 2

SUSE CVE
added 2025/12/24 12:24 a.m., 2 views

SUSE CVE-2025-68480

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00106
Exploits: 0, References: 5

SUSE CVE
added 2025/12/17 2:19 a.m., 4 views

SUSE CVE-2017-18875

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files...

CVSS: 4.9, AI score: 6.9, EPSS: 0.00132
Exploits: 0, References: 2

OSV
added 2025/12/08 9:31 p.m., 2 views

GO-2025-4187 Mattermost Server is vulnerable to Path Traversal when files are stored locally in github.com/mattermost/mattermost-server

Mattermost Server is vulnerable to Path Traversal when files are stored locally in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positi...

CVSS: 4.9, AI score: 6.6, EPSS: 0.00187
Exploits: 0, References: 6

RedhatCVE
added 2025/05/23 5:38 a.m., 3 views

CVE-2023-26920

fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00199
Exploits: 1, References: 1

Positive Technologies
added 2025/02/07 12:0 a.m., 2 views

PT-2025-5909 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 4.1.2 Description: The issue allows a local attacker to upgrade common permissions to root and leak sensitive information through a use after free exploit. Recommendations: For OpenHarmony versions prior to 4.1.2...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00081
Exploits: 0, References: 8

RedHat Linux
added 2023/03/01 9:45 p.m., 3 views

bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip...

CVSS: 6.1, AI score: 6.6, EPSS: 0.02281
Exploits: 1, References: 4

CNNVD
added 2022/08/22 12:0 a.m., 5 views

WordPress plugin Team Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS: 8.8, AI score: 8.1, EPSS: 0.0119
Exploits: 2, References: 2

Github Security Blog
added 2022/05/24 5:21 p.m., 4 views

Mattermost Server does not properly restrict use of slash commands

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands...

CVSS: 8.8, AI score: 7, EPSS: 0.00243
Exploits: 0, References: 3, Affected Software: 1

CNVD
added 2020/06/22 12:0 a.m., 4 views

Unspecified Vulnerability in Mattermost Server (CNVD-2020-41481)

Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.3.0, 4.2.1, and 4.1.2. An attacker can exploit this vulnerability to determine the existence of arbitrary files...

CVSS: 4.9, AI score: 6.8, EPSS: 0.00187
Exploits: 0, References: 1

CNVD
added 2020/06/22 12:0 a.m., 3 views

Mattermost Server Cross-Site Scripting Vulnerability (CNVD-2020-48232)

Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.3.0, 4.2.1 and 4.1.2. The vulnerability stems from the web application's lack of proper validation of client data. An attacke...

CVSS: 6.1, AI score: 7, EPSS: 0.00359
Exploits: 0, References: 1

CNVD
added 2020/03/23 12:0 a.m., 1 views

EasyBuild Log Information Disclosure Vulnerability

EasyBuild is a software building and installation framework. A log information disclosure vulnerability exists in versions of EasyBuild prior to 4.1.2. The vulnerability stems from the abnormal output of log files from a networked system or product. No details of the vulnerability are provided at...

CVSS: 7.7, AI score: 6.3, EPSS: 0.00068
Exploits: 1, References: 1

CNVD
added 2019/10/29 12:0 a.m., 1 views

Fortinet FortiExtender Operating System Command Injection Vulnerability

Fortinet FortiExtender is a wireless WAN (wide area network) extender device from Fortinet. An operating system command injection vulnerability exists in Fortinet FortiExtender versions prior to 4.1.2, which can be exploited by an attacker to execute illegal operating system commands when the netwo...

CVSS: 9, AI score: 7.9, EPSS: 0.02209
Exploits: 0, References: 1

CNVD
added 2019/07/22 12:0 a.m., 0 views

Open Information Security Foundation Suricata Input Validation Error Vulnerability

Suricata is a network intrusion detection system (IDS), intrusion prevention system (IPS) and network security monitoring engine developed by the Open Information Security Foundation (OISF) and its supported vendors, which supports multi-threading, built-in IPv6, and the ability to load...

CVSS: 7.5, AI score: 6.6, EPSS: 0.002
Exploits: 0, References: 1