Aggregator

最近的攻防演练中经常遇到jeecgboot，故整理一篇漏洞总结文章方便日后查阅，并且根据tscan脚本规则编写了其中一部分的poc。

最近的攻防演练中经常遇到jeecgboot，故整理一篇漏洞总结文章方便日后查阅，并且根据tscan脚本规则编写了其中一部分的poc。

最近的攻防演练中经常遇到jeecgboot，故整理一篇漏洞总结文章方便日后查阅，并且根据tscan脚本规则编写了其中一部分的poc。

强势围观

强势围观

强势围观

强势围观

强势围观

强势围观

强势围观

A vulnerability classified as critical was found in Mattermost up to 9.11.8/10.3.3/10.4.2/10.5.0. Affected by this vulnerability is an unknown functionality of the component Plugin Endpoint. The manipulation leads to missing authentication. This vulnerability is known as CVE-2025-25068. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Mattermost up to 9.11.8/10.3.3/10.4.2. Affected is an unknown function of the component Archived Channel Handler. The manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2025-25274. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mattermost up to 9.11.8/10.3.3/10.4.2/10.5.0. It has been rated as problematic. This issue affects some unknown processing of the component Archived Channel Handler. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2025-24920. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mattermost up to 9.11.8/10.4.x. It has been declared as problematic. This vulnerability affects unknown code of the component Permalink Handler. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2025-27715. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mattermost up to 9.11.8/10.3.3/10.4.2. It has been classified as problematic. This affects an unknown part of the component MFA. The manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2025-30179. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mattermost up to 9.11.8/10.3.3/10.4.2 and classified as critical. Affected by this issue is some unknown functionality of the component Channel Conversion Handler. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2025-27933. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2025-2153. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2025-2152. The attack may be initiated remotely. Furthermore, there is an exploit available.

关基运营者需履行更高安全要求

美国网络司令部演练网络攻防行动与联合行动的整合