30 matches found
Important: Red Hat Security Advisory: redhat-ds:11 security update
An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.9 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
RHEL 8 : redhat-ds:11 (RHSA-2026:5514)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5514 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol LDAP serve...
CVE-2025-14573
Mattermost versions 10.11.x = 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...
CVE-2025-14573 Team Admin Bypass of Invite Permissions via allow_open_invite Field
Mattermost versions 10.11.x = 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.1.2 and earlier 11.1.x series, 10.11.9 and earlier 10.11.x series, and 11.2.1 and earlier 11.2.x series have security vulnerabilities. These vulnerabilities stem fro...
CVE-2026-20796
Mattermost versions 10.11.x = 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549...
Ruijie AP180 Series Operating System Command Injection Vulnerability
The Ruijie AP180 Series is a series of panel-type wireless access points produced by the Chinese company Ruijie. Previous versions of the Ruijie AP180 Series, including those with model number 11.94B1P8, had a vulnerability related to operating system command injection. This vulnerability stems...
CVE-2025-9313 Unauthorized database access in Asseco mMedica
An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated connection through a "mmBackup" application. This flaw allows attackers to bypass authentication mechanisms and...
CVE-2025-55746
Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...
CVE-2025-54880 Mermaid does not properly sanitize architecture diagram iconText leading to XSS
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...
Mermaid 安全漏洞
Mermaid is a mermaid-js open source application. Creates diagrams and visualizations using text and code. A security vulnerability exists in Mermaid 11.9.0 and earlier versions, which stems from user-entered architecture diagram icons being passed to the d3 html method, potentially leading to...
Directus 授权问题漏洞
Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. An authorization issue vulnerability exists in Directus versions prior to 9.12.0 to 11.9.0 that stems from a manual trigger process that does not validate permissions, which...
Intrexx Portal Server 安全漏洞
Intrexx Portal Server is a cross-platform development environment from Intrexx Corporation. A security vulnerability exists in Intrexx Portal Server versions 12.0.2 and earlier and 11.9.2 and earlier that stems from a cross-site scripting issue with multiple Velocity scripts...
Hewlett Packard Enterprise ClearPass Policy Manager 安全漏洞
Hewlett Packard Enterprise ClearPass Policy Manager is a wireless network security access management system from Hewlett Packard Enterprise. A security vulnerability in Hewlett Packard Enterprise ClearPass Policy Manager version 6.11.x prior to 6.11.9 and version 6.12.x prior to 6.12.2 stems from...
CVE-2024-10616
A vulnerability classified as critical has been found in Tongda OA up to 11.9. This affects an unknown part of the file /pda/workflow/webSignSubmit.php. The manipulation of the argument saleId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed t...
WordPress plugin Football Pool 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office OA system. A SQL injection vulnerability exists in TONGDA Office Anywhere 2017 version 11.9 and earlier versions, which stems from the fact that incorrect operation of the parameter ASKDUTYID can lead to SQL injection...
PT-2024-17638 · Unknown · Tongda Oa 2017
Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 versions up to 11.9 Description: A critical vulnerability was found in Tongda OA 2017. The issue affects an unknown functionality of the file /general/attendance/manage/ask duty/delete.php. The manipulation of the ASK DUTY ID...
WordPress Plugin WP TripAdvisor Review Slider Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in the...
PT-2023-32838 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 versions up to 11.9 Description: A critical issue has been found in the software, affecting an unknown function of the file general/vehicle/checkup/delete search.php. The manipulation of the VU ID argument leads to sql injectio...