10 matches found
CVE-2026-3115 Guest users can view group member IDs without respecting view restrictions
Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint...
CVE-2021-47819
CVE-2021-47819 affects ProjeQtOr Project Management 9.1.4. A file upload vulnerability in the profile attachment feature allows guest users to upload PHP files, enabling arbitrary code execution by accessing the uploaded file with a crafted request parameter. Metrics indicate critical impact on c...
CVE-2019-12942
TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable...
EUVD-2024-44262
Malicious code in bioql PyPI...
EUVD-2024-25314
Malicious code in bioql PyPI...
CVE-2013-0143
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string...
XWiki Platform allows remote code execution as guest via SolrSearchMacros request
Impact Any guest can perform arbitrary remote code execution through a request to SolrSearch. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to...
PT-2024-7078 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 11.4 through 17.2.8 GitLab EE/CE versions 17.3 through 17.3.4 GitLab EE/CE versions 17.4 through 17.4.1 Description: The issue is related to errors in the representation of given functions in the GitLab platform, allowin...
CVE-2024-24304
The CVE-2024-24304 affects the Mailjet module for PrestaShop prior to version 3.5.1. A guest can download technical information without restriction due to the underlying design in this module, enabling exposure of internal details. The issue is documented across multiple sources (NVD/Red Hat/CVE ...
CVE-2023-49099 Discourse secure uploads accessible to guests even when login is required
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4...