CVE-2023-43754

Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled...

EUVD-2024-24364

Malicious code in bioql PyPI...

CVE-2024-27112

A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02...

SUSE CVE-2025-27571

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...

CVE-2024-27114

A unauthenticated Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the...

CVE-2024-27112

A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02...

CVE-2024-27113 Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02

An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...

PT-2024-21656 · Unknown · Soplanning

Name of the Vulnerable Software and Affected Versions: SO Planning versions prior to 1.52.02 Description: A Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP-file that will be available for...

CVE-2023-40535

Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script...

CVE-2023-40535

Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script...

PT-2023-27501 · Unknown · Vi Web Client

Name of the Vulnerable Software and Affected Versions: VI Web Client versions prior to 7.9.6 Description: A stored cross-site scripting issue in the View setting page of VI Web Client allows a remote authenticated attacker to inject an arbitrary script. Recommendations: For versions prior to 7.9....