21 matches found
F5 BIG-IP and F5 BIG-IQ Security Vulnerability
F5 BIG-IP and F5 BIG-IQ are both products from the American company F5. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IQ is a software-based cloud management solution. This...
F5 BIG-IP Security Vulnerability
F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability, which stems from the possibility for...
EUVD-2025-16492
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-0984
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which...
Mattermost Server 9.11.x < 9.11.13 / 10.5.x < 10.5.4 / 10.7.x < 10.7.1 Multiple Vulnerabilities (MMSA-2025-00457, MMSA-2025-00462)
The version of Mattermost Server installed on the remote host is prior to 9.11.13, 10.5.4, or 10.7.1. It is, therefore, affected by multiple vulnerabilities as referenced in the MMSA-2025-00457 and MMSA-2025-00462 advisories. - Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.1...
GO-2025-3728 Mattermost fails to properly enforce access control restrictions for System Manager roles in github.com/mattermost/mattermost-server
Mattermost fails to properly enforce access control restrictions for System Manager roles in github.com/mattermost/mattermost-server...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of access control restrictions for System Manager roles. An attacker can gain unauthorized access via direct API requests to team endpoints and perform actions reserved for System...
CVE-2025-3611
Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...
Mattermost fails to properly enforce access control restrictions for System Manager roles
Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...
PT-2025-23309 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.7.x through 10.7.0; Mattermost versions 10.5.x through 10.5.3; Mattermost versions 9.11.x through 9.11.12. Description: The issue is related to the failure of Mattermost to properly enforce access control restrictions for...
CVE-2013-1083
Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager (aka IDM) Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors...
CVE-2024-3149
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by...
PT-2024-24118 · Mintplex +1 · Anything-Llm +1
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm, affected versions not specified. Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin...
CVE-2024-3283 Privilege Escalation via Mass Assignment in mintplex-labs/anything-llm
A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multiusermode' system variable, enabling...
PT-2024-24905 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm, affected versions not specified. Description: A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The...
K21344224: Lazy FP state restore vulnerability CVE-2018-3665
Security Advisory Description: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. CVE-2018-3665 A Floating-Point (FP) state...
Yoast SEO <= 9.1 - Authenticated Race Condition
According to the changelog, "Race Condition which leads to command execution, by users with SEO Manager roles."...