13 matches found
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...
PT-2026-35724
Name of the Vulnerable Software and Affected Versions Devolutions Server versions prior to 2026.1.14.1 Description Improper access control in the vault documentation feature allows an authenticated attacker to read documentation content from unauthorized vaults by sending a crafted API request...
BIT-GITLAB-2025-13772 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API...
[SECURITY] Fedora 43 Update: rust-reqsign-core-2.0.1-1.fc43
Signing API requests without effort...
CVE-2025-3518
It technically possible for a user to upload a file to a conversation despite the file upload functionality being disabled. The file upload functionality can be enabled or disabled for specific use cases through configuration. In case the functionality is disabled for at least one use case, the...
Ironman Software PowerShell Universal Security Vulnerability
Ironman Software PowerShell Universal is a single pane for managing and delegating access to automation environments from Ironman Software. A security vulnerability exists in Ironman Software PowerShell Universal versions 3.0.0 through 4.2.0, which stems from an invalid filtering of input strings...
CVE-2022-43545
A vulnerability has been identified in POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, SICAM P850 All versions V3.10, SICAM P850 All versions V3.10, SICAM P850 All versions...
CVE-2022-35136
Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
Couchbase Server 加密问题漏洞
Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that primarily supports data querying, full-text searching, and active global replication. A cryptographic issue vulnerability exists in Couchbase Server, which stems from the inclusion of plaintext...
Windows COM Elevation of Privilege Vulnerability
An elevation of privilege exists in Windows COM Desktop Broker. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. Thi...
Windows COM Elevation of Privilege Vulnerability
An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability...
SAP Plant Connectivity Denial of Service Vulnerability
SAP Plant Connectivity PCo is a set of next-generation, high-performance production plant connectivity software from SAP, which can communicate with different industrial software platforms. A security vulnerability exists in the PCo agent of SAP PCo. A remote attacker could exploit this...