372 matches found
O2OA Security Vulnerability
O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA version 9.1.3, which stems from vulnerability to cross-site scripting attacks...
Unspecified Vulnerability in Magma (CNVD-2025-15071)
Magma is an open source software platform from Magma Open Source. It provides network operators with an open, flexible and scalable mobile core network solution. Magma suffers from a security vulnerability that can be exploited by an attacker to cause a denial of service by repeatedly crashing the M...
Magma null pointer dereference vulnerability (CNVD-2025-02445)
Magma is an open source software platform from Magma Open Source. It provides network operators with an open, flexible and scalable mobile core network solution. Magma has a null pointer dereference vulnerability that can be exploited by an attacker to crash MME...
Magma Buffer Overflow Vulnerability
Magma is an open source software platform from Magma Open Source. It provides network operators with an open, flexible and scalable mobile core network solution. Magma suffers from a buffer overflow vulnerability that can be exploited by an attacker to trigger a denial of service (DoS) via a crafted N...
Magma Security Vulnerability
Magma is an open source software platform from Magma Open Source. It provides network operators with an open, flexible and scalable mobile core network solution. Magma has a buffer overflow vulnerability that can be exploited by an attacker to trigger a denial of service (DoS) via a carefully crafted...
Magma Code Issue Vulnerability
Magma is an open source software platform from Magma Open Source. It provides network operators with an open, flexible and scalable mobile core network solution. Magma has a null pointer dereference vulnerability that can be exploited by an attacker to crash MME...
Mattermost Denial of Service Vulnerability (CNVD-2025-12635)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A denial of service vulnerability exists in Mattermost. The vulnerability stems from a failure to properly handle attachments that contain string fields. An attacker could exploit the vulnerability to...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial-of-service vulnerability that can be exploited by attackers to cause a system crash...
CVE-2024-57632
creationtimestamp| type| source
---|---|---
2025-01-14 01:16:34+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfo3bwuox22t
2025-01-14 01:31:29+00:00| seen| https://infosec.exchange/users/cve/statuses/113824123349562918...

Progress Sitefinity Security Vulnerability
Progress Sitefinity is an open source platform for building corporate websites and intranets from Progress, Inc. in the United States. A security vulnerability exists in Progress Sitefinity that stems from improper input neutralization during web page generation, resulting in a cross-site scripti...
Progress Sitefinity Security Vulnerability
Progress Sitefinity is an open source platform for building corporate websites and intranets from Progress, Inc. in the United States. A security vulnerability exists in Progress Sitefinity, which stems from an error message vulnerability that could lead to information disclosure...
CVE-2024-53220
creationtimestamp| type| source
---|---|---
2024-12-27 14:17:59+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lec6knfkgt2e
2024-12-27 17:22:12+00:00| seen| https://infosec.exchange/users/cve/statuses/113725940150356711
2025-12-03 14:14:49+00:00| seen|...
CVE-2024-49765
CVE-2024-49765 affects Discourse where sites enabling Discourse Connect alongside local login methods could allow an attacker to bypass Discourse Connect to create accounts and log in. The issue is described as a bypass of login paths rather than a remote exploit; affected component is the Discou...
CVE-2024-52794 Magnific lightbox susceptible to Cross-site Scripting in Discourse
Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability...
CVE-2024-52590 Missing validation allows spoofed profiles in Misskey
Misskey is an open source, federated social media platform. In affected versions missing validation in ApRequestService.signedGet allows an attacker to create fake user profiles that appear to be from a different instance than the one where they actually exist. These profiles can be used to...
CVE-2024-54139 Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter
Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0, iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the _table_id parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the...
Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware
A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. "Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands...
eNMS Path Traversal Vulnerability
eNMS is an open source network automation platform from eNMS. A path traversal vulnerability exists in eNMS version 4.2 and earlier. An attacker could exploit this vulnerability to access sensitive files or directories on the system...
CVE-2024-31973
creationtimestamp| type| source
---|---|---
2024-10-30 20:03:06+00:00| seen| https://t.me/cvedetector/9452
2025-10-01 18:11:56+00:00| seen| MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6
2025-10-08 21:59:27+00:00| seen| MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6...

eLabFTW Security Vulnerability
eLabFTW is an open source experimental data hosting platform from eLabFTW Open Source. The platform runs on Linux and supports storing a wide range of objects. A security vulnerability exists in eLabFTW that stems from allowing initially unauthenticated users to gain administrative access to...