12 matches found
EUVD-2020-7706
Malware in sbrugna...
Mattermost Path Traversal vulnerability
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...
Mattermost Does Not Sanitize the Team Invite ID
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows a team admin with no member invite privileges to get the team’s invite ID...
CVE-2025-24915
When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location...
CVE-2025-24915
When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location...
Tenable Nessus Agent < 10.7.4 / 10.8.x < 10.8.3 Privilege Escalation (TNS-2025-02 & TNS-2025-03)
According to its self-reported version, the Tenable Nessus Agent running on the remote Windows host is prior to 10.7.4 or 10.8.x prior to 10.8.3. It is, therefore, affected by a privilege escalation vulnerability as outlined in the TNS-2025-02 & TNS-2025-03 advisories when installed on a...
[R2] Nessus Agent Version 10.8.3 Fixes One Vulnerability
Arnie Cabral, Thu, 03/20/2025 - 11:44. When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege...
Tenable Nessus Multiple Vulnerabilities (TNS-2024-15, TNS-2024-16)
Tenable Nessus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:tenable:nessus"; ifdescripti...
Tenable Nessus < 10.8.3 Multiple Vulnerabilities (TNS-2024-15 & TNS-2024-16)
According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.8.3. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-15 and TNS-2024-16 advisories. - Nessus leverages third-party software to help provide...
CVE-2024-27295 Directus MySQL accent insensitive email matching
Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with one or more...
Jellyfin Cross-Site Scripting Vulnerability
Jellyfin is a freeware media system. It allows you to control the management and streaming of media. It is an alternative to the proprietary Emby and Plex, and can serve media from a dedicated server to end-user devices through multiple applications. A security vulnerability exists in Jellyfin...
Cybozu Office Access Control Error Vulnerability
Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. An access control error vulnerability exists in Cybozu Office versions 10.0.0 to 10.8.3, which can be exploited by an attacker to obtain unauthorized data via the application "Address"...