
31 matches found

OSV
added 2026/03/26 6:31 p.m. | 3 views

GHSA-MPC7-MM28-F6WQ Mattermost allows authenticated guest users to enumerate user IDs outside their allowed visibility scope

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint...

CVSS 4.3 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 3

NVD
added 2026/03/16 2:18 p.m. | 1 view

CVE-2026-25783

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate User-Agent header tokens, which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

CVSS 4.3 | EPSS 0.00093
Exploits: 0 | References: 1

CNNVD
added 2026/03/16 12:00 a.m. | 2 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, 11.2.2 and earlier 11.2.x series, as well as 10.11.10 and earlier 10.11.x series, have security vulnerabilities. These vulnerabilities...

CVSS 8.6 | AI score 5.8 | EPSS 0.00127
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 7:45 p.m. | 8 views

CVE-2021-32689

Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and...

CVSS 8.1 | AI score 6.6 | EPSS 0.00257
Exploits: 0 | References: 1

OSV
added 2024/03/26 3:10 p.m. | 18 views

CVE-2024-29197 Pimcore Preview Documents are not restricted to logged in users anymore

Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument ?pimcore_preview=true allows viewing unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer...

CVSS 6.5 | AI score 6.7 | EPSS 0.00002
Exploits: 2 | References: 4

CVE
added 2024/03/26 3:10 p.m. | 64 views

CVE-2024-29197

CVE-2024-29197 affects Pimcore (Open Source Data & Experience Management Platform). The issue allows viewing unpublished sites when the query parameter ?pimcore_preview=true is used, due to previews no longer being properly access-controlled. This could let an unauthenticated user access potentia...

CVSS 6.5 | AI score 6.3 | EPSS 0.00002
Exploits: 2 | References: 2 | Affected Software: 1

OpenVAS
added 2023/11/30 12:00 a.m. | 58 views

MariaDB DoS Vulnerability (CVE-2023-22084) - Windows

MariaDB is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...

CVSS 4.9 | AI score 6.3 | EPSS 0.06984
Exploits: 0 | References: 1

CNVD
added 2021/10/15 12:00 a.m. | 19 views

Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2021-101533)

Adobe Connect is a suite of software for remote training, web conferencing, presentations and desktop sharing. A reflected cross-site scripting vulnerability exists in Adobe Connect 11.2.2 and earlier versions. An attacker could exploit this vulnerability to execute arbitrary code...

CVSS 6.1 | AI score 6.4 | EPSS 0.01465
Exploits: 0 | References: 1

CNNVD
added 2021/10/14 12:00 a.m. | 1 view

Adobe Connect Code Issue Vulnerability

Adobe Connect is a suite of software for remote training, web conferencing, presentations and desktop sharing. A deserialization of untrusted data vulnerability exists in Adobe Connect 11.2.2 and earlier versions. An attacker could exploit this vulnerability to execute arbitrary code...

CVSS 9.8 | AI score 6.3 | EPSS 0.24933
Exploits: 0 | References: 4

CNNVD
added 2021/10/14 12:00 a.m. | 1 view

Adobe Connect Cross-Site Scripting Vulnerability

Adobe Connect is a suite of software for remote training, web conferencing, presentations and desktop sharing. A reflected cross-site scripting vulnerability exists in Adobe Connect 11.2.2 and earlier versions. An attacker could exploit this vulnerability to execute arbitrary code...

CVSS 6.1 | AI score 5.7 | EPSS 0.01465
Exploits: 0 | References: 3

NVD
added 2021/09/01 3:15 p.m. | 20 views

CVE-2021-36063

Adobe Connect version 11.2.2 and earlier is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing th...

CVSS 6.1 | EPSS 0.00877
Exploits: 0 | References: 1

NVD
added 2021/09/01 3:15 p.m. | 18 views

CVE-2021-36061

Adobe Connect version 11.2.2 and earlier is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. An unauthenticated attacker could leverage this vulnerability to edit or delete recordings on the Connect environment. Exploitation of this issue requires user...

CVSS 5.4 | EPSS 0.00965
Exploits: 0 | References: 1

Prion
added 2021/09/01 3:15 p.m. | 15 views

Code injection

Adobe Connect version 11.2.2 and earlier is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. An unauthenticated attacker could leverage this vulnerability to edit or delete recordings on the Connect environment. Exploitation of this issue requires user...

CVSS 4.3 | AI score 5.4 | EPSS 0.00965
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/09/01 2:34 p.m. | 16 views

CVE-2021-36063 Adobe Connect Reflected Cross-site Scripting via 'isTabletDeviceHTML' parameter

Adobe Connect version 11.2.2 and earlier is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing th...

CVSS 5.4 | AI score 6.1 | EPSS 0.00877
Exploits: 0 | References: 1

Cvelist
added 2021/09/01 2:33 p.m. | 21 views

CVE-2021-36061 Adobe Connect Violation of Secure Design Principles Vulnerability Can Lead To Editing Or Deleting Recordings

Adobe Connect version 11.2.2 and earlier is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. An unauthenticated attacker could leverage this vulnerability to edit or delete recordings on the Connect environment. Exploitation of this issue requires user...

CVSS 5.4 | AI score 5.9 | EPSS 0.00965
Exploits: 0 | References: 1

Cvelist
added 2021/09/01 2:33 p.m. | 16 views

CVE-2021-36062 Adobe Connect Reflected Cross-site Scripting via 'campaign-id' parameter

Adobe Connect version 11.2.2 and earlier is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious...

CVSS 5.4 | AI score 6 | EPSS 0.00688
Exploits: 0 | References: 1

CNNVD
added 2021/08/10 12:00 a.m. | 4 views

Adobe Connect Cross-Site Scripting Vulnerability

Adobe Connect is an online video conferencing software. A reflected cross-site scripting vulnerability exists in Adobe Connect 11.2.2 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...

CVSS 6.1 | AI score 5.7 | EPSS 0.00688
Exploits: 0 | References: 3

CNNVD
added 2021/04/27 12:00 a.m. | 2 views

Apple macOS Buffer Error Vulnerability

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A buffer error vulnerability exists in macOS that originates from a boundary condition within the ImageIO component. The following products and versions are affected: macOS: 11.0 20A2411, 11.0.1 20B29, 11.0.1...

CVSS 7.8 | AI score 7.5 | EPSS 0.00462
Exploits: 0 | References: 7

CNNVD
added 2021/04/27 12:00 a.m. | 3 views

Apple Safari Resource Management Error Vulnerability

Apple Safari is a web browser from Apple Inc. and is the default browser that comes with the Mac OS X and iOS operating systems. Safari suffers from a resource management error vulnerability that stems from improper resource management within Safari on macOS. The following products and versions a...

CVSS 6.5 | AI score 6.5 | EPSS 0.0023
Exploits: 0 | References: 5

Apple
added 2021/02/25 12:00 a.m. | 21 views

Apple Security Update: macOS Big Sur 11.2.2

Apple recommends installing the security update macOS Big Sur 11.2.2 on devices running macOS Big Sur 11.2.1...

AI score 6.7
Exploits: 0 | References: 1