37 matches found
EUVD-2026-9397
Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechani...
CVE-2025-13780
CVE-2025-13780 affects pgAdmin up to 9.10 when running in server mode and performing restores from PLAIN-format dump files, enabling remote code execution by injecting commands on the pgAdmin server. The issue is triggered during server-mode restore operations and could compromise confidentiality...
Arbitrary Command Injection
Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Arbitrary Command Injection via the backup and restore processes when handling file path input with shell execution enabled. An attacker can execute arbitrary system commands by supplying specially crafted...
Denial of Service (DoS)
Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Denial of Service DoS via the username from the login form which inserted into the LDAP search filter without escaping. An attacker can cause the server and client to process excessive data by injecting...
LoLLMS Code Injection vulnerability
A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...
CVE-2024-6982
A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...
CVE-2024-6982
A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...
CVE-2024-6982 Remote Code Execution in Calculate Function in parisneo/lollms
A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...
CVE-2024-6982 Remote Code Execution in Calculate Function in parisneo/lollms
A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...
CVE-2024-46872
Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks...
CVE-2024-50052
Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post...
Mattermost Server 9.5.x < 9.5.9 / 9.9.x < 9.9.3 / 9.10.x < 9.10.2 (MMSA-2024-00362)
The version of Mattermost Server installed on the remote host is prior to 9.5.9, 9.9.3, or 9.10.2. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00362 advisory. - Mattermost versions 9.10.x = 9.10.1, 9.9.x = 9.9.2, 9.5.x = 9.5.8 fail to limit access to channels file...
CVE-2024-9155
Mattermost versions 9.10.x = 9.10.1, 9.9.x = 9.9.2, 9.5.x = 9.5.8 fail to limit access to channels files that have not been linked to a post which allows an attacker to view them in channels that they are a member of...
CVE-2024-9155 Insufficient Authorization On Unlinked Channel Files
Mattermost versions 9.10.x = 9.10.1, 9.9.x = 9.9.2, 9.5.x = 9.5.8 fail to limit access to channels files that have not been linked to a post which allows an attacker to view them in channels that they are a member of...
GHSA-5263-PM2H-M7HW Mattermost doesn't restrict which roles can promote a user as system admin
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0 and 9.8.x = 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role e.g. member to include the managesystem...
Mattermost doesn't restrict which roles can promote a user as system admin
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0 and 9.8.x = 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role e.g. member to include the managesystem...
Mattermost Cross-Site Request Forgery vulnerability
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0, 9.8.x = 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console...
GHSA-HRF9-RM95-FPF3 Mattermost Cross-Site Request Forgery vulnerability
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0, 9.8.x = 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console...
CVE-2024-8071
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0 and 9.8.x = 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role e.g. member to include the managesystem...
CVE-2024-39836
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0 and 9.8.x = 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset...