Drupal 10.5.x < 10.5.9 / 10.6.x < 10.6.7 / 11.2.x < 11.2.11 / 11.3.x < 11.3.7 Multiple Vulnerabilities (drupal-2026-04-15)
According to its self-reported version, the instance of Drupal running on the remote web server is 10.5.x prior to 10.5.9, 10.6.x prior to 10.6.7, 11.2.x prior to 11.2.11, or 11.3.x prior to 11.3.7. It is, therefore, affected by multiple vulnerabilities. - Drupal core's jQuery integration for AJA...
CVE-2020-7486
VERSION NOT SUPPORTED WHEN ASSIGNED A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from insufficient validation of code exchange tokens, which could lead to account takeover. The following versions are affected: version 11.0.2...
CVE-2025-58073
Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacker to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...
Mattermost has a Missing Authorization vulnerability
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
CVE-2025-10545 Guest user can add unauthorized team users to private channels
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the /api/v4/channels/channelid/members endpoint...
CVE-2025-10545
Mattermost Server affected versions 10.5.x <= 10.5.10 and 10.11.x
CVE-2025-41443
Mattermost Server versions 10.5.x <= 10.5.12 and 10.11.x
EUVD-2019-8873
Malware in sbrugna...
EUVD-2020-28611
Malware in sbrugna...
EUVD-2019-8874
Malware in sbrugna...
EUVD-2025-25413
Malicious code in bioql PyPI...
EUVD-2025-30247
Malicious code in bioql PyPI...
EUVD-2025-25431
Malicious code in bioql PyPI...
Mattermost Server 10.5.x < 10.5.10 / 10.11.0 URL Redirection (MMSA-2025-00511)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00511 advisory. - Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth...
GHSA-F72G-52V7-MG3P Mattermost boards plugin fails to restrict download access to files
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration...
CVE-2025-9084
Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs...
CVE-2025-9084 Open redirect in OAuth login
Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs...
CVE-2025-49810
Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows a user to read a thread via AI posts...
GHSA-PWVR-GRQG-7VP2 Mattermost Lack of Access Control Validation
Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows a user to read a thread via AI posts...