3850 matches found
Mattermost Server 10.5.x <= 10.5.12 / 10.11.x <= 10.11.4 / 10.12.x <= 10.12.1 / 11.0.x <= 11.0.2 Multiple Vulnerabilities (CVE-2025-12421, MMSA-2025-00526, CVE-2025-12756)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in CVE-2025-12421, MMSA-2025-00526 and CVE-2025-12756. - Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to to verify that the token used...
编号撤回
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a misplaced exception handling table comment in clearuserrepgood, which could cause the kernel to crash...
CVE-2025-14013
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...
EUVD-2025-201262
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...
CVE-2025-14013
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...
CVE-2025-14013
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...
CVE-2025-14011
A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely...
CVE-2025-14013 JIZHICMS Comment addcomment.html cross site scripting
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...
CVE-2025-14013
The CVE-2025-14013 entry affects JIZHICMS up to version 2.5.5, specifically the Comment Handler’s file /index.php/admins/Comment/addcomment.html. The issue is a cross-site scripting vulnerability caused by manipulation of the body parameter, with remote initiation possible and a public exploit av...
CVE-2025-14013 JIZHICMS Comment addcomment.html cross site scripting
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...
CVE-2025-14012
A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...
CVE-2025-14011 JIZHICMS Add Display Name Field addcomment.html commentlist sql injection
A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely...
CVE-2025-14011 JIZHICMS Add Display Name Field addcomment.html commentlist sql injection
A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely...
CVE-2025-14011
CVE-2025-14011 involves JIZHICMS up to version 2.5.5. Affected is the function commentlist in /index.php/admins/Comment/addcomment.html, within the Add Display Name Field component. The issue arises from manipulation of the aid/tid parameter, enabling SQL injection. Public exploitation exists, an...
PT-2025-49105
A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing manipulation can lead to sql injection. The attack can be launched remotely...
JIZHICMS 代码注入漏洞
JIZHICMS Jizhi CMS is a set of open source content management system CMS of China Jizhi JIZHI company. A code injection vulnerability exists in JIZHICMS 2.5.5 and earlier versions, which stems from incorrect manipulation of the parameter body in the file /index.php/admins/Comment/addcomment.html,...
GO-2025-4172 Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost
Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive repor...
Privilege Context Switching Error
Overview Affected versions of this package are vulnerable to Privilege Context Switching Error in the current user session. An attacker can remove comments created by other users by sending crafted requests with insufficient permission checks. Remediation Upgrade...
Privilege Context Switching Error
Overview Affected versions of this package are vulnerable to Privilege Context Switching Error in the current user session. An attacker can remove comments created by other users by sending crafted requests with insufficient permission checks. Remediation Upgrade...
CVE-2025-12756
Mattermost vulnerability CVE-2025-12756 affects Mattermost Server with Boards: versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, and 10.5.x