45 matches found

EUVD · added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-6977

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 5.7 · EPSS 0.00156
Exploits 1 · References 2
RedhatCVE · added 2025/05/22 11:46 p.m. · 5 views

CVE-2022-41319

A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7)...

CVSS 6.1 · AI score 6 · EPSS 0.00542
Exploits 0 · References 1
Github Security Blog · added 2025/03/20 12:32 p.m. · 9 views

LoLLMS Code Injection vulnerability

A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...

CVSS 8.4 · AI score 8.2 · EPSS 0.00123
Exploits 0 · References 4 · Affected Software 1
OSV · added 2025/03/20 10:15 a.m. · 5 views

CVE-2024-6982

A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...

CVSS 8.4 · AI score 8.5
Exploits 0 · References 2
Cvelist · added 2025/03/20 10:10 a.m. · 6 views

CVE-2024-6986 Cross-site Scripting (XSS) in parisneo/lollms-webui

A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html' directive, which inserts the content of the 'fulltemplate' variable directly as HTML. This allows an attacker to execute maliciou...

CVSS 5.5 · EPSS 0.00156
Exploits 1 · References 1
Vulnrichment · added 2025/03/20 10:10 a.m. · 3 views

CVE-2024-6986 Cross-site Scripting (XSS) in parisneo/lollms-webui

A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html' directive, which inserts the content of the 'fulltemplate' variable directly as HTML. This allows an attacker to execute maliciou...

CVSS 5.5 · AI score 6.1 · EPSS 0.00156
Exploits 1 · References 1
CVE · added 2025/03/20 10:10 a.m. · 38 views

CVE-2024-6986

The CVE-2024-6986 entry concerns parisneo/lollms-webui (v9.8). A Cross-site Scripting (XSS) flaw arises from improper use of the v-html directive, which renders the full_template variable as HTML on the Settings page. An attacker can inject JavaScript by supplying a payload in the System Template...

CVSS 5.5 · AI score 5.4 · EPSS 0.00156
Exploits 1 · References 1 · Affected Software 1
CVE · added 2025/03/20 10:10 a.m. · 40 views

CVE-2024-6982

Parisneo/lollms v9.8 exposes a remote code execution vulnerability in the Calculate function. The flaw stems from evaluating user-supplied expressions with Python eval() inside a sandbox that disables builtins and only permits math.*. An attacker can bypass the sandbox by loading the os module vi...

CVSS 8.4 · AI score 8.7 · EPSS 0.00123
Exploits 0 · References 2
Tenable Nessus · added 2025/01/10 12:00 a.m. · 6 views

IBM DB2 SEoL (9.8.x)

According to its version, IBM DB2 is 9.8.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C Tenable,...

AI score 5.5
Exploits 0 · References 1
Positive Technologies · added 2024/12/05 12:00 a.m. · 1 view

PT-2024-17506 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.7.x through 9.7.5; Mattermost versions 9.8.x through 9.8.2; Mattermost versions 9.9.x through 9.9.2. Description: The issue arises from the failure to properly propagate permission scheme updates across cluster nodes. This...

CVSS 4.6 · AI score 7 · EPSS 0.00082
Exploits 0 · References 5
Cvelist · added 2024/10/13 12:28 p.m. · 17 views

CVE-2024-6959 Denial of Service (DOS) in multipart boundary while uploading file in parisneo/lollms-webui

A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui...

CVSS 7.1 · EPSS 0.00099
Exploits 1 · References 1
OSV · added 2024/09/05 7:14 p.m. · 6 views

BIT-MATTERMOST-2024-41144

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...

CVSS 7.1 · AI score 6 · EPSS 0.00092
Exploits 0 · References 2
OSV · added 2024/08/22 9:30 a.m. · 8 views

GHSA-5263-PM2H-M7HW Mattermost doesn't restrict which roles can promote a user as system admin

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role (e.g. member) to include the managesystem...

CVSS 5.1 · AI score 5.5 · EPSS 0.00126
Exploits 0 · References 3
OSV · added 2024/08/22 9:30 a.m. · 8 views

GHSA-HRF9-RM95-FPF3 Mattermost Cross-Site Request Forgery vulnerability

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console...

CVSS 5.1 · AI score 6.3 · EPSS 0.00183
Exploits 0 · References 3
Github Security Blog · added 2024/08/22 9:30 a.m. · 12 views

Mattermost Cross-Site Request Forgery vulnerability

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console...

CVSS 8.8 · AI score 6.9 · EPSS 0.00183
Exploits 0 · References 3 · Affected Software 1
Github Security Blog · added 2024/08/22 9:30 a.m. · 19 views

Mattermost doesn't restrict which roles can promote a user as system admin

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role (e.g. member) to include the managesystem...

CVSS 7.2 · AI score 6.8 · EPSS 0.00126
Exploits 0 · References 3 · Affected Software 1
OSV · added 2024/08/22 7:15 a.m. · 9 views

CVE-2024-8071

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role (e.g. member) to include the managesystem...

CVSS 7.2 · AI score 7.1
Exploits 0 · References 1
NVD · added 2024/08/22 7:15 a.m. · 10 views

CVE-2024-39836

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset...

CVSS 6.5 · EPSS 0.00524
Exploits 0 · References 1
CVE · added 2024/08/22 6:39 a.m. · 51 views

CVE-2024-8071

CVE-2024-8071 affects Mattermost Server versions 9.9.x ≤ 9.9.1, 9.5.x ≤ 9.5.7, 9.10.x ≤ 9.10.0, and 9.8.x ≤ 9.8.2. The issue is a failure to restrict which roles can promote a user to system admin, allowing a System Role with edit access to the permissions section of the system console to update ...

CVSS 7.2 · AI score 4.8 · EPSS 0.00126
Exploits 0 · References 1 · Affected Software 1
CVE · added 2024/08/22 6:27 a.m. · 48 views

CVE-2024-39836

Mattermost server vulnerable versions: 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, and 9.8.x

CVSS 6.5 · AI score 5.2 · EPSS 0.00524
Exploits 0 · References 1 · Affected Software 1