Lucene search
+L

461 matches found

OSV
OSV
added 2026/03/16 3:30 p.m.3 views

GHSA-2V3W-6G35-5F9V Mattermost fails to properly validate User-Agent header tokens

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References4
NVD
NVD
added 2026/03/16 2:18 p.m.6 views

CVE-2026-25783

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

4.3CVSS0.00285EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/16 12:4 p.m.3 views

CVE-2026-25783 Denial of service via malformed User-Agent header in getBrowserVersion

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References1
CVE
CVE
added 2026/03/16 12:4 p.m.13 views

CVE-2026-25783

CVE-2026-25783 affects Mattermost versions 11.3.x up to 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. An authenticated attacker can trigger a request panic by sending specially crafted User-Agent header, due to improper validation of User-Agent header tokens. The CVSS score is 4.3 (Med...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/16 12:4 p.m.5 views

CVE-2026-25783

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.14 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, 11.2.2 and earlier 11.2.x series, as well as 10.11.10 and earlier 10.11.x series, have security vulnerabilities. These vulnerabilities...

4.3CVSS6.4AI score0.00285EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/03/11 12:0 a.m.14 views

VulnCheck KEV: CVE-2025-62593

Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense us...

9.4CVSS5.7AI score0.00345EPSS
In wildExploits0References2
NVD
NVD
added 2026/01/27 4:16 p.m.6 views

CVE-2021-47900

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...

9.8CVSS0.00602EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/27 3:23 p.m.22 views

CVE-2021-47900 Gila CMS < 2.0.0 - Remote Code Execution

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...

9.8CVSS0.00602EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/27 3:23 p.m.10 views

EUVD-2021-34749

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...

9.8CVSS6.7AI score0.00602EPSS
Exploits0References4
CVE
CVE
added 2026/01/27 3:23 p.m.11 views

CVE-2021-47900

Gila CMS

9.8CVSS6.7AI score0.00602EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/27 3:23 p.m.5 views

CVE-2021-47900 Gila CMS < 2.0.0 - Remote Code Execution

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...

9.8CVSS6.7AI score0.00602EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.9 views

PT-2026-4931

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell exec to run system commands by sending...

9.8CVSS6.7AI score0.00602EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.7 views

CVE-2021-31794

Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header...

6.1CVSS5.8AI score0.00668EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:13 a.m.6 views

CVE-2016-10964

The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header...

6.1CVSS6AI score0.0102EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:55 a.m.9 views

CVE-2020-12645

OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption...

9.8CVSS6.9AI score0.01075EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.7 views

CVE-2019-16197

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

6.1CVSS6.5AI score0.0299EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:28 a.m.17 views

CVE-2019-12198

In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header...

7.5CVSS7.1AI score0.01266EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/24 7:36 p.m.9 views

CVE-2021-47738

CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...

5.4CVSS6.3AI score0.00249EPSS
Exploits1References1
OSV
OSV
added 2025/12/23 8:15 p.m.5 views

CVE-2021-47738

CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...

5.4CVSS5.8AI score0.00249EPSS
Exploits1References4
Rows per page
Query Builder