3264 matches found
CVE-2026-2461
Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...
CVE-2026-24311
The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with user?initiated interaction, may allow modifications to occur without validation. Such changes coul...
PT-2026-24156
The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with user?initiated interaction, may allow modifications to occur without validation. Such changes coul...
EUVD-2026-8724
GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...
CVE-2026-1747
GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...
CVE-2026-1747
GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...
CVE-2026-1747 Authentication Bypass Using an Alternate Path or Channel in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...
CVE-2026-1747
Removed by vendor...
Plane 安全漏洞
Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane prior to 1.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the ProjectAssetEndpoint.patch method, which performed global asset searches based solely on asset IDs,...
GitLab EE 安全漏洞
GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. There were security vulnerabilities in versions of GitLab EE from 17.11 to 18.7.5, as well as in versions 18.8 to 18.8.5 and 18.9 to 18.9.1. These vulnerabilities stemmed from the possibility that...
WordPress plugin EmailKit – Email Customizer for WooCommerce & WP 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
WordPress plugin Business Directory Plugin 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2025-52627
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...
PT-2026-5903
Name of the Vulnerable Software and Affected Versions AION version 2.0 Description A configuration issue exists where the root file system is not mounted as read-only. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or...
WordPress plugin Phrase TMS Integration for WordPress has security vulnerabilities.
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
CVE-2021-33790
The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. An attacker can instantiate any class on the classpath with any data. A class usable for exploitation...
CVE-2021-33177
The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries...
CVE-2023-45864
A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas...
CVE-1999-0184
When compiled with the -DALLOWUPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records...
CVE-2025-59374
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...