19 matches found
Mattermost Security Vulnerability
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost 11.5.1 and earlier, including 11.5.x, have security vulnerabilities. These vulnerabilities stem from the lack of verification of channel members when processing AI-assisted...
CVE-2025-46752
An insertion of sensitive information into a log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows an attacker to cause information disclosure via re-using the enrollment code...
EUVD-2018-11268
Malware in sbrugna...
EUVD-2019-16190
Malware in sbrugna...
EUVD-2019-16164
Malware in sbrugna...
EUVD-2019-16153
Malware in sbrugna...
RosarioSIS Cross-Site Scripting Vulnerability
RosarioSIS is a free and open source student information system. It is used to manage students, create reports and make sound decisions. A cross-site scripting vulnerability exists in RosarioSIS version 11.5.1, which stems from the inclusion of some unknown processing in the component Add Portal...
PT-2024-24026 · Francoisjacquet · Rosariosis
Name of the Vulnerable Software and Affected Versions: francoisjacquet RosarioSIS version 11.5.1. Description: A disputed issue affects the Add Portal Note component, leading to cross-site scripting. The attack can be initiated remotely. The vendor notes that the PDF is opened by the browser app i...
Default configuration
F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings...
Nature Easy Soft Network Technology ZenTao Cross-Site Scripting Vulnerability
Nature Easy Soft Network Technology ZenTao is open source project management software from the Chinese company Nature Easy Soft Network Technology. The software includes product management, project management, quality management, document management and other...
Design/Logic Flaw
GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page...
PT-2019-9856 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.3 through 11.5 before 11.5.1; GitLab CE/EE version 11.4 before 11.4.8; GitLab CE/EE version 11.3 before 11.3.11. Description: The issue is related to an XSS vulnerability in Markdown fields via Mermaid. Recommendations:...
PT-2019-9853 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.3 before 11.3.11; GitLab CE/EE versions 11.4 before 11.4.8; GitLab CE/EE versions 11.5 before 11.5.1. Description: The issue is related to an XSS vulnerability in Markdown fields via unrecognized HTML tags...
Design/Logic Flaw
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, when the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator role can bypass Appliance mode restrictions...
PT-2019-18217 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP versions 11.5.1 through 11.5.8; BIG-IP versions 11.6.1 through 11.6.3.4; BIG-IP versions 12.1.0 through 12.1.4; BIG-IP versions 13.0.0 through 13.1.1.4; BIG-IP versions 14.0.0 through 14.0.0.4; BIG-IP versions 14.1.0 through 14.1.0.5...
CVE-2019-6605
On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service...
Cross site scripting
On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS...
CVE-2018-5522
On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash...
CVE-2018-5525
A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and does not include any configuration data, proxied traffic, or other potentially sensitive...