6 matches found
CVE-2023-49377
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update...
PT-2025-32581 · WordPress · Mattermost Confluence Plugin
Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0
Description: The Mattermost Confluence Plugin does not properly handle unexpected request bodies. Attackers can exploit this to crash the plugin by repeatedly sending invalid request bodies...
PT-2024-25518 · Linqi · Linqi
Name of the Vulnerable Software and Affected Versions: linqi versions prior to 1.4.0.1
Description: An issue was discovered in linqi, allowing local file inclusion via the /api/Cdn/GetFile API endpoint.
Recommendations: For versions prior to 1.4.0.1, update to version 1.4.0.1 or later to resolve...
PT-2024-22681 · Memos · Memos
Name of the Vulnerable Software and Affected Versions: memos versions 0.13.2 through 0.16.0
Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. It exists at the "/o/get/httpmeta" API endpoint, allowing unauthenticated users to enumerate the internal network and...
CVE-2024-2145 SourceCodester Online Mobile Management Store update-tracker.php cross site scripting
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the...
Vulnerability fixed in Microsoft Defender
Microsoft has fixed a vulnerability in Defender. The vulnerability allows a malicious party to cause a denial of service. Microsoft Defender for Endpoint:
| CVE ID | CVSS | Impact |
|--------|------|--------|
...