37 matches found
CVE-2026-6334
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request.. Mattermo...
Duplicate Advisory: Nest has a Fastify URL Encoding Middleware Bypass
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r4wm-x892-vjmx. This link is maintained to preserve external references. Original Description A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when...
GHSA-7Q64-3RG2-H9PF Duplicate Advisory: Nest has a Fastify URL Encoding Middleware Bypass
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r4wm-x892-vjmx. This link is maintained to preserve external references. Original Description A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when...
CVE-2026-2293
A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13...
MiracleLinux 8 : python3.11-3.11.13-2.el8_10 (AXSA:2025-10802:08)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10802:08 advisory. cpython: Cpython infinite loop when parsing a tarfile CVE-2025-8194 Tenable has extracted the preceding description block directly from the MiracleLinux...
CVE-2025-64748
Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked , successful matches can be detected...
CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting
Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...
Directus 安全漏洞
Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. A security vulnerability exists in Directus versions prior to 11.13.0 that stems from a REST API error message discrepancy that could lead to the disclosure of unauthorized...
PT-2025-46911
Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.13.0 Description Directus does not properly remove field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table is not cleared. This creates a...
EUVD-2025-36625
Cross-Site Request Forgery CSRF vulnerability in blubrry PowerPress Podcasting powerpress allows Cross Site Request Forgery.This issue affects PowerPress Podcasting: from n/a through = 11.13.12...
CVE-2025-64201 WordPress PowerPress Podcasting plugin <= 11.13.12 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in blubrry PowerPress Podcasting powerpress allows Cross Site Request Forgery.This issue affects PowerPress Podcasting: from n/a through = 11.13.12...
PT-2025-44246
Name of the Vulnerable Software and Affected Versions blubrry PowerPress Podcasting versions through 11.13.12 Description A Cross-Site Request Forgery CSRF issue exists in blubrry PowerPress Podcasting. This allows attackers to potentially perform actions on behalf of authenticated users without...
Linux Distros Unpatched Vulnerability : CVE-2023-21122
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In various functions of various files, there is a possible way to bypass the DISALLOWDEBUGGINGFEATURES restriction for tracing due to a missing permission check...
Linux Distros Unpatched Vulnerability : CVE-2020-29396
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated...
WordPress plugin Welcart e-Commerce 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
CVE-2024-13346
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...
WordPress plugin Avada | Website Builder For WordPress & WooCommerce 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in...
WordPress Avada theme <= 7.11.13 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Theme Avada versions = 7.11.13...
PT-2024-9761 · Oracle · Oracle Enterprise Command Center Framework
Name of the Vulnerable Software and Affected Versions: Oracle Enterprise Command Center Framework versions 11 through 13 Description: The issue is related to insufficient input validation in the Diagnostics component of the Oracle Enterprise Command Center Framework. This can be exploited by a...
CVE-2023-21122
In various functions of various files, there is a possible way to bypass the DISALLOWDEBUGGINGFEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...