11379 matches found
CVE-2026-23758 GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through inadequate sanitization in...
Incomplete List of Disallowed Inputs
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute arbitrary code on the...
Incomplete List of Disallowed Inputs
Overview flowise-ui is a Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute arbitrary code on the server by...
EUVD-2026-22875
Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...
GHSA-M7CF-4GH2-V4QG Mattermost doesn't validate CSRF tokens on an authentication endpoint
Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...
Mattermost doesn't validate CSRF tokens on an authentication endpoint
Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...
OESA-2026-1985 avahi security update
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared...
OESA-2026-1983 avahi security update
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared...
OESA-2026-1913 systemd security update
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fixes: A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine...
OESA-2026-1912 systemd security update
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fixes: A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper access control in the unaccess process. An attacker can cause disruption of all public shares routed through a global frontend by sending a DELETE request to the affected API endpoint with knowled...
Incorrect Authorization
Overview silverstripe/assets is an asset module required component of SilverStripe Framework. Affected versions of this package are vulnerable to Incorrect Authorization via the DBFile::getURL process. An attacker can gain unauthorized access to protected files by exploiting the way access grants...
TRACE
No d...
nginx 0.5.13 < 1.28.3 / 1.29.x < 1.29.7 Buffer Overflow in ngx_http_dav_module
The installed version of nginx is 0.5.13 prior to 1.28.3, or 1.29.x prior to 1.29.7. It is, therefore, affected by the following issue : - NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX...
CVE-2026-28741
Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...
CVE-2026-28741 CSRF Protection Bypass Allows Updating a User's Authentication Method
Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...
CVE-2026-28741
Mattermost CVE-2026-28741 describes a CSRF protection bypass on an authentication endpoint that allows an attacker to update a user’s authentication method by tricking a user into visiting a malicious page. Affected versions are Mattermost 10.11.x (up to 10.11.12), 11.5.x (up to 11.5.0), 11.4.x (...
CVE-2026-28741 CSRF Protection Bypass Allows Updating a User's Authentication Method
Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...
CVE-2026-28741
Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...
PT-2026-33037
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.0 through 10.11.12 Mattermost version 11.5.0 Mattermost versions 11.4.0 through 11.4.2 Mattermost versions 11.3.0 through 11.3.2 Description An authentication endpoint fails to validate CSRF tokens. This allows an...