56 matches found
CVE-2026-24044
Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook using matrix-tools container before 0.5.7 is using an insecure Matrix server key generation method,...
CVE-2026-24044 ESS Community Helm Chart has a weak server key generation method
Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook using matrix-tools container before 0.5.7 is using an insecure Matrix server key generation method,...
CVE-2026-24044
CVE-2026-24044 affects Element Server Suite Community Edition (ESS Community) Helm Chart. The issue arises in the Helm Chart secrets initialization hook (using matrix-tools container prior to 0.5.7) where an insecure Matrix server key generation method can produce the same key pair, enabling netw...
PT-2026-7886
Name of the Vulnerable Software and Affected Versions: Element Server Suite Community Edition (ESS Community) versions prior to 25.12.1. Description: The Element Server Suite Community Edition (ESS Community) Helm Chart contains a flaw in its secrets initialization hook, specifically within the...
CVE-2025-66291 OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...
EUVD-2006-0832
Malware in sbrugna...
EUVD-2023-32078
Malicious code in bioql PyPI...
WordPress plugin Flytedesk Digital cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin... WordPress plugin...
Malicious code in @zalastax/nolb-ess (npm)
The package @zalastax/nolb-ess was found to contain malicious code...
MAL-2025-43208 Malicious code in @zalastax/nolb-ess (npm)
The package @zalastax/nolb-ess was found to contain malicious code...
CVE-2023-28382
Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follows: ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for...
CVE-2020-9288
An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack via the ESS profile or the Radius Profile...
Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Scale packaged in IBM Elastic Storage Server (CVE-2023-24998)
Summary: There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Elastic Storage Server, which could allow a remote attacker to cause a denial of service. Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a deni...
Directory traversal
Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follows: ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for...
PT-2023-21686 · Oracle +2 · Solaris +2
Name of the Vulnerable Software and Affected Versions: ESS REC Agent Server Edition for Linux versions V1.0.0 through V1.4.3; ESS REC Agent Server Edition for Solaris versions V1.1.0 through V1.4.0; ESS REC Agent Server Edition for HP-UX versions V1.1.0 through V1.4.0; ESS REC Agent Server Edition f...
CVE-2023-28382
CVE-2023-28382 describes a directory traversal vulnerability in ESS REC Agent Server Edition series. An authenticated attacker can view or alter arbitrary files on the server. Affected editions and versions include: Linux V1.0.0–V1.4.3, Solaris V1.1.0–V1.4.0, HP-UX V1.1.0–V1.4.0, and AIX V1.2.0–V...