Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A server-side request forgery SSRF vulnerability in the IKEv2 implementation of Palo Alto Networks PAN- OS software allo...

SUSE CVE-2026-26233

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

SUSE CVE-2026-25783

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

CVE-2026-26304 Permission Bypass in Playbook Run Creation

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify runcreate permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...

CVE-2026-24458 DoS attack via login attempts with multi-megabyte passwords

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587...

CVE-2026-26246

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...

PT-2026-25809

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin. Mattermost Advisory ID:...

Grafana 11.3.x < 11.3.0+security-01 Incorrect Privilege Assignment

According to its self-reported version, the Grafana install hosted on the remote host is 11.2.x earlier than 11.2.3+security-01, or 11.3.x earlier than 11.3.0+security-01. It is, therefore, affected by a incorrect privilege assignment vulnerability. Note that the scanner has not tested for these...

CVE-2024-45082

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displaye...

IBM Cognos Analytics 安全漏洞

IBM Cognos Analytics is a suite of business intelligence software from International Business Machines IBM. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decision-making by analyzing such things as key factors versus key people. A security...

IBM Cognos Analytics 11.2.x < 11.2.4 FP4 Interim Fix 2 / 12.0.x < 12.0.3 Interim Fix 2 (7160700)

The version of IBM Cognos Analytics installed on the remote host is either prior to 11.2.4 FP4 Interim Fix 2 or i 12.0.3 Interim Fix 2. It is, therefore, affected by an exposed API key as referenced in the IBM Security Bulletin No. 7160700: - A local attacker could obtain sensitive information in...

GitLab 11.1.x - 11.1.7, 11.2.x - 11.2.4, 11.3.x - 11.3.1 Information Disclosure Vulnerability

GitLab is prone to an exposure of sensitive information to an unauthorized actor vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

TCExam 11.2.x - admincodetce_edit_answer.php Multiple SQL Injections

TCExam 11.2.x - admincodetceeditanswer.php Multiple SQL Injections source: https://www.securityfocus.com/bid/54861/info TCExam is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful...