Tagged: Cybersecurity Alert

UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability. More information : https://consumer.huawei.com/en/support/bulletin/2025/11/

An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability. More information : https://servicedesk.logpoint.com/hc/en-us/articles/29158899698333-XSS-Vulnerability-due-to-insufficient-input-validation

An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation. More information : https://servicedesk.logpoint.com/hc/en-us/articles/29160917867549-Redis-communication-exposed-for-internal-communication

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load. More information : https://servicedesk.logpoint.com/hc/en-us/articles/29160993806749-Process-Data-Exposure-Under-High-Load

Mattermost versions 11.0.x

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the “Image Gallery”, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any...

Mattermost versions 11.0.x

SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8. More information : https://devolutions.net/security/advisories/DEVO-2025-0018/

Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8. More information : https://devolutions.net/security/advisories/DEVO-2025-0018/

Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9. More information : https://devolutions.net/security/advisories/DEVO-2025-0018/

Mattermost versions 10.12.x

Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks. In order to exploit this vulnerability, an attacker has to log in to the...

The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping....

The application contains an insecure ‘redirectToUrl’ mechanism that incorrectly processes the value of the ‘redirectUrlParameter’ parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacer to perform...