139680 matches found
EUVD-2026-43315
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation...
CVE-2026-9571
Mattermost CVE-2026-9571 affects versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, and 10.11.x
Malicious code in nottuff13 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79fcdb937c07c7ec8c87b884a8410166890165c5e9554397ed5ebcb1a5e58cf7 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Eclipse Jetty ConcatServlet - Information Disclosure
Eclipse Jetty through 9.4.40, through 10.0.2, and through 11.0.2 is susceptible to information disclosure. Requests to the ConcatServlet with a doubly encoded path can access protected resources within the WEB-INF directory, thus enabling an attacker to potentially obtain sensitive information,...
Oracle Business Intelligence Publisher - XML External Entity Injection
Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publishe...
Apache Struts2 S2-062 - Remote Code Execution
Apache Struts2 S2-062 is vulnerable to remote code execution. The fix issued for CVE-2020-17530 S2-061 was incomplete, meaning some of the tag's attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. id: CVE-2021-31805 info: name...
Commvault - SSRF via /commandcenter/deployWebpackage.do
A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. This issue affects Command Center Innovation Release: 11.38. id: CVE-2025-34028 info: name...
FOG Project < 1.5.10.34 - Remote Command Execution
FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. id: CVE-2024-39914 info: name: FOG Project 1.5.10.34 - Remote...
Java-springboot-codebase 1.1 - Arbitrary File Read
OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...
XWiki Platform - Path Traversal
XWiki Platform 4.2-milestone-2 through 16.10.6 contains a path traversal caused by improper access control in jsx and sx endpoints, letting remote attackers read configuration files, exploit requires no special privileges. id: CVE-2025-55748 info: name: XWiki Platform - Path Traversal author:...
Oracle Business Intelligence - Path Traversal
Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0 are vulnerable to path traversal in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. id: CVE-2019-2588 info: name: Oracle Business Intelligence - Path...
WordPress Custom 404 Pro <= 3.11.1 - Reflected XSS
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kunal Nagar Custom 404 Pro allows Reflected XSS.This issue affects Custom 404 Pro: from n/a through 3.11.1. id: CVE-2024-39646 info: name: WordPress Custom 404 Pro = 3.11.1 - Reflected XSS...
Gradio - Open Redirect
Gradio allows an open redirect bypass via URL encoding, enabling attackers to redirect users to malicious sites. This can lead to phishing attacks and loss of trust in the application. id: CVE-2024-8021 info: name: Gradio - Open Redirect author: DhiyaneshDK severity: medium description: | Gradio...
OneDev.io < 11.0.9 - Arbitrary File Read
Files on the host computer can be accessed by directory traversal. id: CVE-2024-45309 info: name: OneDev.io 11.0.9 - Arbitrary File Read author: isacaya severity: high description: | Files on the host computer can be accessed by directory traversal. impact: | An attacker would be able to view the...
QNAP Music Station < 5.4.0 - Authentication Bypass
An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later id:...
Frappe Framework < 16.15.0 - Arbitrary File Read via render_include Path Traversal
Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above. id: CVE-2026-39352 info: name: Frappe Framework 16.15.0 - Arbitrary File...
XWiki - Cross-Site Scripting
XWiki is vulnerable to reflected Cross-Site Scripting XSS via the viewer=changes endpoint. The rev2 parameter is not properly sanitised before being rendered in the response, allowing an attacker to inject arbitrary JavaScript. Affects XWiki versions prior to the patched release. id: CVE-2026-401...
Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control
Apache ActiveMQ 6.x contains an unauthenticated API web context caused by default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers, exploit requires no authentication. id: CVE-2024-32114 info: name: Apache ActiveMQ 6.x 6.1....
Rclone RC - Broken Access Control
Rclone = 1.45.0 and = 1.45.0 and 1.73.5 contains a broken access control vulnerability caused by unauthenticated access to the RC endpoint options/set allowing mutation of global runtime configuration, letting unauthenticated attackers access sensitive administrative functions, exploit requires R...
AnythingLLM - Username Enumeration via Password Recovery
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...