An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation. More information : https://servicedesk.logpoint.com/hc/en-us/articles/29160917867549-Redis-communication-exposed-for-internal-communication
An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability. More information : https://servicedesk.logpoint.com/hc/en-us/articles/29158899698333-XSS-Vulnerability-due-to-insufficient-input-validation
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the “Image Gallery”, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any...
Mattermost versions 11.0.x
Mattermost versions 11.0.x
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9. More information : https://devolutions.net/security/advisories/DEVO-2025-0018/
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8. More information : https://devolutions.net/security/advisories/DEVO-2025-0018/
SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8. More information : https://devolutions.net/security/advisories/DEVO-2025-0018/
Mattermost versions 10.12.x
Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks. In order to exploit this vulnerability, an attacker has to log in to the...
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping....
The application contains an insecure ‘redirectToUrl’ mechanism that incorrectly processes the value of the ‘redirectUrlParameter’ parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacer to perform...
The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the ‘wcp_change_post_folder’ function...
In Apache CloudStack, a gap in access control checks affected the APIs – createNetworkACL – listNetworkACLs – listResourceDetails – listVirtualMachinesUsageHistory – listVolumesUsageHistory While these APIs were accessible only to authorized users, insufficient permission validation...