91 matches found

CVE
added 2026/02/11 11:35 a.m. · 9 views

CVE-2025-8099

CVE-2025-8099 affects GitLab CE/EE versions prior to 18.6.6 (from 10.8), 18.7 prior to 18.7.4, and 18.8 prior to 18.8.4. Under certain conditions, unauthenticated users could trigger denial of service by sending repeated GraphQL queries. The issue’s remediation is to upgrade to the patched releas...

CVSS 7.5 · AI score 5.6 · EPSS 0.00039
Exploits 0 · References 3 · Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-5605

Malware in sbrugna...

CVSS 5.5 · AI score 5.3 · EPSS 0.00198
Exploits 1 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-2723

Malware in sbrugna...

CVSS 6.1 · AI score 6.7 · EPSS 0.00177
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-2720

Malware in sbrugna...

CVSS 9.8 · AI score 9.5 · EPSS 0.00579
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-53355

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 8.1 · EPSS 0.00114
Exploits 1 · References 5

CNNVD
added 2025/08/21 12:0 a.m. · 1 views

Mattermost security vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.8.3 and prior to 10.8.x, 10.5.8 and prior to 10.5.x, 9.11.17 and prior to 9.11.x, 10.10.0 and prior to 10.10.x, and 10.9.3 and prior to 10.9.x,...

CVSS 4.9 · AI score 6.3 · EPSS 0.00155
Exploits 0 · References 2

OSV
added 2025/07/18 9:15 a.m. · 4 views

CVE-2025-6226

Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of...

CVSS 6.5 · AI score 6.7
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:16 a.m. · 6 views

CVE-2019-20144

An issue was discovered in GitLab Community Edition CE and Enterprise Edition EE 10.8 through 12.6.1. It has Incorrect Access Control...

CVSS 4.3 · AI score 6.6 · EPSS 0.00067
Exploits 0 · References 1

Positive Technologies
added 2025/05/21 12:0 a.m. · 2 views

PT-2025-26325 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.5; Mattermost versions 9.11.x through 9.11.15; Mattermost versions 10.8.x through 10.8.0; Mattermost versions 10.7.x through 10.7.2; Mattermost versions 10.6.x through 10.6.5. Description: The issue arises...

CVSS 4.3 · AI score 6.3 · EPSS 0.00183
Exploits 0 · References 10

RedhatCVE
added 2025/02/27 2:34 p.m. · 5 views

CVE-2025-26884

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Stored XSS. This issue affects Greenshift: from n/a through <= 10.8...

CVSS 6.5 · AI score 7.2 · EPSS 0.00093
Exploits 0 · References 1

CVE
added 2025/02/25 2:17 p.m. · 60 views

CVE-2025-26884

CVE-2025-26884 describes a Stored XSS in Greenshift’s animation and page builder blocks. The WordPress ecosystem entry shows Greenshift

CVSS 6.5 · AI score 7.2 · EPSS 0.00093
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/02/25 2:17 p.m. · 6 views

CVE-2025-26884 WordPress Greenshift plugin <= 10.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Stored XSS. This issue affects Greenshift: from n/a through <= 10.8...

CVSS 6.5 · AI score 8.6 · EPSS 0.00093
Exploits 0 · References 1

CNNVD
added 2025/02/25 12:0 a.m. · 3 views

WordPress plugin Greenshift cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.5 · AI score 8.2 · EPSS 0.00093
Exploits 0 · References 3

OSV
added 2024/03/06 11:21 a.m. · 15 views

BIT-GITLAB-2020-13345

An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on Multiple Routes...

CVSS 5.5 · AI score 5 · EPSS 0.00198
Exploits 1 · References 4

Positive Technologies
added 2024/02/27 12:0 a.m. · 3 views

PT-2024-14855 · Microsoft +1 · Windows Installer +1

Name of the Vulnerable Software and Affected Versions: Thales SafeNet Authentication Client versions prior to 10.8 R10 Description: A flaw in the Windows Installer in Thales SafeNet Authentication Client allows an attacker to escalate their privilege level via local access. Recommendations: For...

CVSS 7.8 · AI score 7.7 · EPSS 0.00056
Exploits 0 · References 6

Positive Technologies
added 2024/01/23 12:0 a.m. · 2 views

PT-2024-13297 · Classlink · Classlink Oneclick Extension

Name of the Vulnerable Software and Affected Versions: ClassLink OneClick Extension versions through 10.8 Description: A Universal Cross Site Scripting UXSS issue allows remote attackers to inject JavaScript into any webpage. This issue exists due to an incomplete fix for a previous problem...

CVSS 6.1 · AI score 6.4 · EPSS 0.00193
Exploits 1 · References 5

SUSE CVE
added 2023/02/15 3:25 a.m. · 1 views

SUSE CVE-2022-32086

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field...

CVSS 4.4 · AI score 8.4 · EPSS 0.00114
Exploits 1 · References 10

Github Security Blog
added 2023/02/03 3:30 a.m. · 11 views

Jellyfin Web Cross-Site Scripting (XSS) via Collection Name

In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim...

CVSS 5.4 · AI score 6.4 · EPSS 0.00535
Exploits 1 · References 7 · Affected Software 1

NVD
added 2023/02/03 1:15 a.m. · 10 views

CVE-2023-23635

In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim...

CVSS 5.4 · AI score 5.3 · EPSS 0.00535
Exploits 1 · References 3

CVE
added 2023/02/03 12:0 a.m. · 135 views

CVE-2023-23635

Jellyfin 10.8.x through 10.8.3 is affected by a stored XSS in the name of a collection that can exfiltrate the victim’s access tokens from localStorage. This is documented across multiple sources (NVD, Red Hat, GHSA, OSV, etc.). The vulnerability impact is limited to confidentiality through token...

CVSS 5.4 · AI score 5.3 · EPSS 0.00535
Exploits 1 · References 3 · Affected Software 1