19 matches found

CNNVD
added 2026/02/05 12:0 a.m. | 2 views

pgAdmin Security Vulnerability

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Version 9.11 of pgAdmin has a security vulnerability, which stems from a possible bypass of recovery restrictions, potentially leading to command execution...

CVSS: 7.4 | AI score: 5.8 | EPSS: 0.00024
Exploits: 0 | References: 2

Fedora
added 2025/12/22 12:52 a.m. | 4 views

[SECURITY] Fedora 43 Update: pgadmin4-9.11-1.fc43

pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...

CVSS: 9.1 | AI score: 7 | EPSS: 0.00121
Exploits: 1

Tenable Nessus
added 2025/07/24 12:0 a.m. | 1 views

Mattermost Server 9.11.x < 9.11.17 / 10.5.x < 10.5.8 (MMSA-2025-00474)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00474 advisory. - Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invi...

CVSS: 3.1 | AI score: 5.5 | EPSS: 0.00139
Exploits: 0 | References: 2

Tenable Nessus
added 2025/05/22 12:0 a.m. | 11 views

Mattermost Server 9.11.x < 9.11.12 / 10.5.x < 10.5.3 Multiple Vulnerabilities (MMSA-2025-00455, MMSA-2025-00456)

The version of Mattermost Server installed on the remote host is prior to 9.11.12 or 10.5.3. It is, therefore, affected by multiple vulnerabilities as referenced in the MMSA-2025-00455, MMSA-2025-00456 advisory. - Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00217
Exploits: 0 | References: 3

RedhatCVE
added 2025/03/21 2:16 p.m. | 5 views

CVE-2025-1472

Mattermost versions 9.11.x <= 9.11.8 fail to properly perform authorization of the Viewer role which allows an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics...

CVSS: 4.3 | AI score: 7 | EPSS: 0.00239
Exploits: 0 | References: 1

OSV
added 2025/03/19 3:15 p.m. | 1 views

CVE-2025-1472

Mattermost versions 9.11.x <= 9.11.8 fail to properly perform authorization of the Viewer role which allows an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics...

CVSS: 4.3 | AI score: 6.8
Exploits: 0 | References: 1

Positive Technologies
added 2025/02/14 12:0 a.m. | 1 views

PT-2025-6788 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.6. Description: The issue allows an attacker to infer user IDs and other metadata from deleted direct messages (DMs) if someone had manually marked DMs as deleted in the database. This is possible because...

CVSS: 3.1 | AI score: 6.8 | EPSS: 0.00364
Exploits: 0 | References: 4

Cvelist
added 2024/11/09 5:18 p.m. | 21 views

CVE-2024-36250 MFA Code Replay

Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within 30 seconds...

CVSS: 3.1 | EPSS: 0.00288
Exploits: 0 | References: 1

NVD
added 2024/10/29 9:15 a.m. | 12 views

CVE-2024-46872

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks...

CVSS: 4.6 | EPSS: 0.00119
Exploits: 0 | References: 1

NVD
added 2024/10/29 8:15 a.m. | 18 views

CVE-2024-50052

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post...

CVSS: 4.3 | EPSS: 0.00256
Exploits: 0 | References: 1

OSV
added 2024/09/26 8:15 a.m. | 11 views

CVE-2024-47003

Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...

CVSS: 6.5 | AI score: 6.4
Exploits: 0 | References: 1

Positive Technologies
added 2024/04/07 12:0 a.m. | 2 views

PT-2024-3926 · Unknown +2 · Mojolicious +2

Name of the Vulnerable Software and Affected Versions: Mojolicious module versions prior to 9.11 Description: The issue is related to a bug in the format detection component of the Mojolicious module for Perl, which is associated with errors in resource release. This can potentially be exploited ...

CVSS: 7.8 | AI score: 5.5 | EPSS: 0.00343
Exploits: 1 | References: 17

Prion
added 2024/02/13 2:15 p.m. | 11 views

Design/Logic Flaw

If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and...

CVSS: 5 | AI score: 6.9 | EPSS: 0.00105
Exploits: 0 | References: 1

CNNVD
added 2022/04/07 12:0 a.m. | 3 views

OpServices OpMon Cross-Site Scripting Vulnerability

OpServices OpMon is IT infrastructure monitoring software from OpServices Brazil. It can help your organization manage events in an automated manner. OpServices OpMon version 9.11 has a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00224
Exploits: 4 | References: 5

OpenVAS
added 2020/08/21 12:0 a.m. | 16 views

ISC BIND Multiple DoS Vulnerabilities (CVE-2020-8622, CVE-2020-8623) - Linux

ISC BIND is prone to multiple denial of service vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.18318
Exploits: 0 | References: 2

Cvelist
added 2019/10/09 2:17 p.m. | 19 views

CVE-2019-6471 A race condition when discarding malformed packets can cause BIND to exit with an assertion failure

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 - 9.11.7, 9.12.0 - 9.12.4-P1, 9.14.0 - 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.0139
Exploits: 0 | References: 2

Debian CVE
added 2019/10/09 2:17 p.m. | 33 views

CVE-2019-6471

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 - 9.11.7, 9.12.0 - 9.12.4-P1, 9.14.0 - 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of...

CVSS: 5.9 | AI score: 6.4 | EPSS: 0.0139
Exploits: 0

OpenVAS
added 2016/06/23 12:0 a.m. | 12 views

TikiWiki Calendar RCE Vulnerability - Active Check

Tiki Wiki CMS Groupware is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 8.7 | AI score: 7.1 | EPSS: 0.64391
Exploits: 0 | References: 3

0day.today
added 2016/06/16 12:0 a.m. | 18 views

Tiki Wiki CMS Calendar 14.2 / 12.5 LTS / 9.11 LTS / 6.15 - Remote Code Execution

Exploit for php platform in category web applications Exploit Title: Tiki-Calendar-RCE Google Dork: inurl:tiki-calendar.php Date: 2015-12-16 Exploit Author: Dany Ouellet Vendor Homepage: https://tiki.org/article414-Important-Security-Fix-for-all-versions-of-Tiki Software Link:...

AI score: 7.1
Exploits: 0