GHSA-RP38-24M3-RX87 The lesscss script service allows cache clearing without programming right

Impact The script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, making it possible to clean the cache without having programming right. The only impact of this is a slowdown in XWiki execution as the caches are re-filled. As this...

M-Files 安全漏洞

M-Files is an innovative metadata-driven document management platform from M-Files, Inc. A security vulnerability exists in M-Files Client prior to version 23.5.12598.0, which stems from a lack of access rights checking that allows elevation of privileges via UI application extensions...

FreeBSD : RT -- Multiple Vulnerabilities (4b738d54-2427-11e2-9817-c8600054b392)

BestPractical report : All versions of RT are vulnerable to an email header injection attack. Users with ModifySelf or AdminUser can cause RT to add arbitrary headers or content to outgoing mail. Depending on the scrips that are configured, this may be be leveraged for information leakage or...