Lucene search
K

30 matches found

RedHat Linux
RedHat Linux
added 2026/06/17 12:37 a.m.10 views

Important: Red Hat Security Advisory: redhat-ds:11 security update

An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.9 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

7.5CVSS5.3AI score0.00815EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.13 views

RHEL 8 : redhat-ds:11 (RHSA-2026:5514)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5514 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol LDAP serve...

7.2CVSS5.8AI score0.01038EPSS
Exploits0References6
NVD
NVD
added 2026/02/16 1:16 p.m.5 views

CVE-2025-14573

Mattermost versions 10.11.x = 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

3.8CVSS0.00157EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/16 12:25 p.m.3 views

CVE-2025-14573 Team Admin Bypass of Invite Permissions via allow_open_invite Field

Mattermost versions 10.11.x = 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

3.8CVSS5.5AI score0.00157EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/16 12:0 a.m.10 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.1.2 and earlier 11.1.x series, 10.11.9 and earlier 10.11.x series, and 11.2.1 and earlier 11.2.x series have security vulnerabilities. These vulnerabilities stem fro...

5.4CVSS5.8AI score0.00172EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/13 10:30 a.m.4 views

CVE-2026-20796

Mattermost versions 10.11.x = 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549...

3.1CVSS5.5AI score0.00199EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.7 views

Ruijie AP180 Series Operating System Command Injection Vulnerability

The Ruijie AP180 Series is a series of panel-type wireless access points produced by the Chinese company Ruijie. Previous versions of the Ruijie AP180 Series, including those with model number 11.94B1P8, had a vulnerability related to operating system command injection. This vulnerability stems...

8.6CVSS7.3AI score0.0154EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/28 11:49 a.m.9 views

CVE-2025-9313 Unauthorized database access in Asseco mMedica

An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated connection through a "mmBackup" application. This flaw allows attackers to bypass authentication mechanisms and...

9.3CVSS0.00528EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/22 6:26 p.m.19 views

CVE-2025-55746

Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...

9.3CVSS7AI score0.00438EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/08/19 4:58 p.m.10 views

CVE-2025-54880 Mermaid does not properly sanitize architecture diagram iconText leading to XSS

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...

5.1CVSS0.00339EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/08/19 12:0 a.m.5 views

Mermaid 安全漏洞

Mermaid is a mermaid-js open source application. Creates diagrams and visualizations using text and code. A security vulnerability exists in Mermaid 11.9.0 and earlier versions, which stems from user-entered architecture diagram icons being passed to the d3 html method, potentially leading to...

6.1CVSS6.3AI score0.00339EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/07/14 12:0 a.m.6 views

Directus 授权问题漏洞

Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. An authorization issue vulnerability exists in Directus versions prior to 9.12.0 to 11.9.0 that stems from a manual trigger process that does not validate permissions, which...

6.5CVSS6.3AI score0.00395EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.5 views

Intrexx Portal Server 安全漏洞

Intrexx Portal Server is a cross-platform development environment from Intrexx Corporation. A security vulnerability exists in Intrexx Portal Server versions 12.0.2 and earlier and 11.9.2 and earlier that stems from a cross-site scripting issue with multiple Velocity scripts...

6.1CVSS6.1AI score0.00215EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/03 12:0 a.m.4 views

Hewlett Packard Enterprise ClearPass Policy Manager 安全漏洞

Hewlett Packard Enterprise ClearPass Policy Manager is a wireless network security access management system from Hewlett Packard Enterprise. A security vulnerability in Hewlett Packard Enterprise ClearPass Policy Manager version 6.11.x prior to 6.11.9 and version 6.12.x prior to 6.12.2 stems from...

8CVSS7.9AI score0.00447EPSS
Exploits0References2
OSV
OSV
added 2024/11/01 4:15 a.m.6 views

CVE-2024-10616

A vulnerability classified as critical has been found in Tongda OA up to 11.9. This affects an unknown part of the file /pda/workflow/webSignSubmit.php. The manipulation of the argument saleId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed t...

9.8CVSS5.7AI score0.00543EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.2 views

WordPress plugin Football Pool 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.1AI score0.00245EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.6 views

TONGDA Office Anywhere SQL Injection Vulnerability

TONGDA Office Anywhere is a collaborative office OA system. A SQL injection vulnerability exists in TONGDA Office Anywhere 2017 version 11.9 and earlier versions, which stems from the fact that incorrect operation of the parameter ASKDUTYID can lead to SQL injection...

9.8CVSS8AI score0.00651EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/02/06 12:0 a.m.9 views

PT-2024-17638 · Unknown · Tongda Oa 2017

Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 versions up to 11.9 Description: A critical vulnerability was found in Tongda OA 2017. The issue affects an unknown functionality of the file /general/attendance/manage/ask duty/delete.php. The manipulation of the ASK DUTY ID...

9.8CVSS6.4AI score0.00651EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/01/01 12:0 a.m.8 views

WordPress Plugin WP TripAdvisor Review Slider Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in the...

4.8CVSS5.9AI score0.00402EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/12/20 12:0 a.m.14 views

PT-2023-32838 · Tongda Oa · Tongda Oa

Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 versions up to 11.9 Description: A critical issue has been found in the software, affecting an unknown function of the file general/vehicle/checkup/delete search.php. The manipulation of the VU ID argument leads to sql injectio...

9.8CVSS6.7AI score0.00695EPSS
Exploits1References6
Rows per page
Query Builder