5 matches found
CVE-2023-49809
Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. After a few repetitions, the plugin is disabled...
CVE-2024-45461
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to acce...
DRUPAL-CONTRIB-2024-003
This module enables you to allow and/or require users to use a second authentication method in addition to password authentication. In some cases, the module allows users to log in with an authentication plugin that an administrator has disabled. This vulnerability is mitigated by the fact that a...
PT-2023-12917 · WordPress · Atlas Gondal Export All Urls
Name of the Vulnerable Software and Affected Versions: Atlas Gondal Export All URLs plugin versions = 4.1. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects authenticated users with editor or higher privileges. Recommendations: For Atlas Gondal Expor...
GLSA-200708-08 : SquirrelMail G/PGP plugin: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-200708-08 (SquirrelMail G/PGP plugin: Arbitrary code execution). The functions deletekey, gpgchecksignpgpmime and gpgrecvkey used in the SquirrelMail G/PGP encryption plugin do not properly escape user-supplied data. Impact: An...