61 matches found

CNNVD
added 2025/12/24 12:0 a.m. · 3 views

Mattermost security vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 11.1.0 and prior to 11.1.x, 11.0.5 and prior to 11.0.x, 10.12.3 and prior to 10.12.x, and 10.11.7 and prior to 10.11.x. The vulnerability stems fr...

CVSS 4.1 · AI score 6.4 · EPSS 0.00029
Exploits: 0 · References: 2

NVD
added 2025/12/17 1:15 p.m. · 4 views

CVE-2025-62190

Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 and Mattermost Calls versions <=1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...

CVSS 4.3 · EPSS 0.00015
Exploits: 0 · References: 1

EUVD
added 2025/12/17 12:7 p.m. · 2 views

EUVD-2025-203892

Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 and Mattermost Calls versions <=1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...

CVSS 4.3 · AI score 6.2 · EPSS 0.00015
Exploits: 0 · References: 2

NVD
added 2025/12/01 8:15 p.m. · 1 views

CVE-2025-12756

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users...

CVSS 4.3 · EPSS 0.00035
Exploits: 0 · References: 1

CNNVD
added 2025/11/27 12:0 a.m. · 4 views

Mattermost security vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from insufficient validation of code exchange tokens, which could lead to account takeover. The following versions are affected: version 11.0.2...

CVSS 9.9 · AI score 6.6 · EPSS 0.00086
Exploits: 0 · References: 2

OSV
added 2025/11/14 9:30 a.m. · 5 views

GHSA-FF85-QW3H-G9VP Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL...

CVSS 5.4 · AI score 6.8 · EPSS 0.00045
Exploits: 0 · References: 8

Github Security Blog
added 2025/11/14 9:30 a.m. · 5 views

Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL...

CVSS 5.4 · AI score 6.8 · EPSS 0.00045
Exploits: 0 · References: 8 · Affected Software: 2

CVE
added 2025/11/14 8:3 a.m. · 8 views

CVE-2025-55073

Mattermost Server contains CVE-2025-55073: versions 10.11.x (<=10.11.3), 10.5.x (<=10.5.11), and 10.12.x (

CVSS 5.4 · AI score 6.5 · EPSS 0.00045
Exploits: 0 · References: 1 · Affected Software: 1

EUVD
added 2025/11/14 8:3 a.m. · 3 views

EUVD-2025-186555

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL...

CVSS 5.4 · AI score 6.4 · EPSS 0.00045
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-30717

Malicious code in bioql PyPI...

CVSS 9 · AI score 7.4 · EPSS 0.05824
Exploits: 0 · References: 3

CNNVD
added 2024/10/01 12:0 a.m. · 1 views

ownCloud security vulnerability

ownCloud is a suite of personal cloud storage solutions from the US-based company ownCloud. A security vulnerability exists in version 10.12 and earlier versions of ownCloud that stems from the presence of cross-site request forgery, allowing an unauthenticated attacker to forge requests...

CVSS 6.8 · AI score 6.7 · EPSS 0.00057
Exploits: 0 · References: 3

OSV
added 2023/08/11 3:15 a.m. · 1 views

CVE-2023-25757

Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access...

CVSS 7.2 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2022/04/19 4:17 p.m. · 1 views

CVE-2021-44519

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution...

CVSS 8.8 · AI score 7.6
Exploits: 0 · References: 4

Positive Technologies
added 2021/04/12 12:0 a.m. · 3 views

PT-2021-7039 · Citrix · Citrix Xenmobile Server

Name of the Vulnerable Software and Affected Versions: Citrix XenMobile Server versions through 10.12 RP9 Description: The issue exists due to incorrect restriction of the path name to a directory with limited access. This can allow a remote attacker to execute arbitrary code. The vulnerability i...

CVSS 8.8 · AI score 9.1 · EPSS 0.02111
Exploits: 0 · References: 9

OPENSUSE Linux
added 2020/08/17 12:0 a.m. · 92 views

Security update for postgresql96, postgresql10 and postgresql12 (moderate)

openSUSE Security Update: Security update for postgresql96, postgresql10 and postgresql12 Announcement ID: openSUSE-SU-2020:1227-1 Rating: moderate References: 1091610 1104199 1104202 1134689 1145092 1148643 1163985 1171924 1175194 Cross-References: CVE-2018-10915 CVE-2018-10925 CVE-2018-1115...

CVSS 9.1 · AI score 6.9 · EPSS 0.01753
Exploits: 0 · References: 9

OpenVAS
added 2020/03/19 12:0 a.m. · 48 views

PostgreSQL < 9.4.26, 9.5.x < 9.5.21, 9.6.x < 9.6.17, 10.x < 10.12, 11.x < 11.7, 12.x < 12.2 Authorization Check Vulnerability - Windows

PostgreSQL is prone to an authorization check vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.5 · AI score 6.1 · EPSS 0.00351
Exploits: 0 · References: 1

OpenVAS
added 2020/03/19 12:0 a.m. · 79 views

PostgreSQL < 9.4.26, 9.5.x < 9.5.21, 9.6.x < 9.6.17, 10.x < 10.12, 11.x < 11.7, 12.x < 12.2 Authorization Check Vulnerability - Linux

PostgreSQL is prone to an authorization check vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.5 · AI score 6.1 · EPSS 0.00351
Exploits: 0 · References: 1

OSV
added 2020/03/18 3:28 p.m. · 5 views

SUSE-SU-2020:0715-1 Security update for postgresql10

This update for postgresql10 fixes the following issues: PostgreSQL was updated to version 10.12. Security issue fixed: - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension bsc1163985...

CVSS 6.5 · AI score 7.4 · EPSS 0.00351
Exploits: 0 · References: 3

OSV
added 2020/03/17 4:15 p.m. · 1 views

ALPINE-CVE-2020-1720

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issu...

CVSS 6.5 · AI score 6.5 · EPSS 0.00351
Exploits: 0 · References: 1

OpenVAS
added 2019/07/23 12:0 a.m. · 31 views

Apple Mac OS X Security Updates (HT210348)-04

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 7.5 · EPSS 0.00049
Exploits: 0 · References: 1