17 matches found
WordPress plugin NextGEN Gallery SQL Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
SUSE CVE-2017-18875
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files...
CVE-2025-40806
CVE-2025-40806 affects Siemens Gridscale X Prepay (all versions
Siemens Gridscale X Prepay Security Vulnerability
Siemens Gridscale X Prepay is an energy prepayment and customer management system from Siemens, Germany. Siemens Gridscale X Prepay suffers from an information disclosure vulnerability that stems from a distinguishable response, which can be exploited by an attacker to cause user enumeration...
GO-2025-4187 Mattermost Server is vulnerable to Path Traversal when files are stored locally in github.com/mattermost/mattermost-server
Mattermost Server is vulnerable to Path Traversal when files are stored locally in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positi...
CVE-2025-34282
ThingsBoard versions 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a malicious SVG file that references a remote URL. If the server processes the SVG file in a way that parses external references, it may...
Linux Distros Unpatched Vulnerability : CVE-2019-2393
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue...
Linux Distros Unpatched Vulnerability : CVE-2021-31863
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read...
PT-2024-29965 · Openhab +1
Name of the Vulnerable Software and Affected Versions: openHAB versions prior to 4.2.1. Description: The issue concerns the CometVisu add-on of openHAB, which has file system endpoints that do not require authentication. Additionally, the endpoint to update an existing file is susceptible to path...
Basecamp Path Traversal Vulnerability
Basecamp is a project management software from Basecamp, Inc. A security vulnerability exists in Basecamp versions prior to 4.2.1 that stems from the presence of a directory traversal vulnerability. An attacker can exploit this vulnerability to write arbitrary files in the application's private...
Mattermost Server does not properly restrict use of slash commands
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands...
GHSA-QGFR-5HQP-VRW9 Path Traversal in decompress
Versions of decompress prior to 4.2.1 are vulnerable to Arbitrary File Write. The package fails to prevent extraction of files with relative paths, allowing attackers to write to any folder in the system by including filenames containing ../. Recommendation: Upgrade to version 4.2.1 or later...
GHSA-FF7X-QRG7-QGGM dot-prop Prototype Pollution vulnerability
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-41481)
Mattermost Server is an open source messaging platform from Mattermost, a United States company. A security vulnerability exists in Mattermost Server versions prior to 4.3.0, 4.2.1, and 4.1.2. An attacker can exploit this vulnerability to determine the existence of arbitrary files...
Mattermost Server Cross-Site Scripting Vulnerability (CNVD-2020-48232)
Mattermost Server is an open source messaging platform from Mattermost, a United States company. A security vulnerability exists in Mattermost Server versions prior to 4.3.0, 4.2.1 and 4.1.2. The vulnerability stems from the web application's lack of proper validation of client data. An attacke...
CVE-2019-15476
Former before 4.2.1 has XSS via a checkbox value...
WordPress Stored Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress versions prior to 4.2.1 and 3.9.6 fail to properly filter commented content, allowing attackers to insert arbitrary...