Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated...

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A server-side request forgery SSRF vulnerability in the IKEv2 implementation of Palo Alto Networks PAN- OS software allo...

Drupal 10.5.x < 10.5.9 / 10.6.x < 10.6.7 / 11.2.x < 11.2.11 / 11.3.x < 11.3.7 Multiple Vulnerabilities (drupal-2026-04-15)

According to its self-reported version, the instance of Drupal running on the remote web server is 10.5.x prior to 10.5.9, 10.6.x prior to 10.6.7, 11.2.x prior to 11.2.11, or 11.3.x prior to 11.3.7. It is, therefore, affected by multiple vulnerabilities. - Drupal core's jQuery integration for AJA...

SUSE CVE-2026-26233

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

SUSE CVE-2026-2456

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that return...

SUSE CVE-2026-25783

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

EUVD-2026-15806

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...

CVE-2026-26304

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify runcreate permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...

CVE-2026-26304 Permission Bypass in Playbook Run Creation

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify runcreate permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...

GHSA-M5RV-56XX-HFC6 Mattermost fails to properly handle very long passwords

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587...

CVE-2026-24458 DoS attack via login attempts with multi-megabyte passwords

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587...

CVE-2026-26246

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...

CVE-2026-2456

Mattermost is affected by CVE-2026-2456 due to an unbounded memory allocation when handling responses from integration action endpoints. A authenticated attacker can cause server memory exhaustion and a denial of service by having a malicious integration server return an arbitrarily large respons...

PT-2026-25759

Mattermost fails to properly enforce read permissions in search API endpoints in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

PT-2026-25809

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin. Mattermost Advisory ID:...

Palo Alto Networks PAN-OS 11.2.x < 11.2.10 / 12.1.x < 12.1.4 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 11.2.x prior to 11.2.10 or 12.1.x prior to 12.1.4. It is, therefore, affected by a vulnerability. A denial-of-service DoS vulnerability in the Advanced DNS Security ADNS feature of Palo Alto Networks PAN-OS software enables an...

Grafana 11.3.x < 11.3.0+security-01 Incorrect Privilege Assignment

According to its self-reported version, the Grafana install hosted on the remote host is 11.2.x earlier than 11.2.3+security-01, or 11.3.x earlier than 11.3.0+security-01. It is, therefore, affected by a incorrect privilege assignment vulnerability. Note that the scanner has not tested for these...

Grafana 11.2.x < 11.2.3+security-01 Incorrect Privilege Assignment

According to its self-reported version, the Grafana install hosted on the remote host is 11.2.x earlier than 11.2.3+security-01, or 11.3.x earlier than 11.3.0+security-01. It is, therefore, affected by a incorrect privilege assignment vulnerability. Note that the scanner has not tested for these...

CVE-2024-51466

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language EL Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a...

CVE-2024-45082

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displaye...