Mattermost fails to verify whether the requestor is a sysadmin before allowing `install` requests to the Apps, allowing a regular user to send install requests to the Apps.
June 16, 2023
Mattermost Apps Framework fails to verify the secret provided in the incoming webhook request, allowing an attacker to modify the contents of the post sent by the Apps.
June 16, 2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin
June 16, 2023
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin
June 16, 2023
Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via up ...
June 16, 2023
Progress MOVEit Transfer has a privilege escalation vulnerability that can be addressed with DLL drop-in version 2023.0.3 (15.0.3) and other specific fixed versions (stated below). The availability da ...
June 16, 2023
Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify ...
June 16, 2023
L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit t ...
June 16, 2023