
74 matches found

OSV
added 2026/03/26 6:31 p.m. · 3 views

GHSA-MPC7-MM28-F6WQ Mattermost allows authenticated guest users to enumerate user IDs outside their allowed visibility scope

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint...

CVSS 4.3 · AI score 5.9 · EPSS 0.00013
Exploits 0 · References 3

Atlassian
added 2026/03/06 5:29 a.m. · 19 views

File Inclusion node-tar Dependency in Jira Software Data Center

This High severity File Inclusion vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVS...

CVSS 8.2 · AI score 6 · EPSS 0.00027
Exploits 1

OSV
added 2026/01/12 4:16 p.m. · 0 views

CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

CVSS 5.3 · AI score 5.8 · EPSS 0.00018
Exploits 0 · References 2

Vulnrichment
added 2026/01/12 12:0 a.m. · 2 views

CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

AI score 6.6 · EPSS 0.00018
Exploits 0 · References 2

Positive Technologies
added 2026/01/12 12:0 a.m. · 3 views

PT-2026-2270

Name of the Vulnerable Software and Affected Versions: Quest KACE Desktop Authority versions through 11.3.1. Description: Quest KACE Desktop Authority through version 11.3.1 has insecure permissions on the Named Pipes used for inter-process communication. Named Pipes are used to enable communication...

CVSS 5.3 · AI score 6.6 · EPSS 0.00018
Exploits 0 · References 8

GithubExploit
added 2026/01/11 12:59 p.m. · 142 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CVE-2025-31161 is a critical severity vulnerability allowing att...

CVSS 9.8 · AI score 9.7 · EPSS 0.88937
Exploits 20

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-1435

Malware in sbrugna...

CVSS 6.5 · AI score 6.4 · EPSS 0.00327
Exploits 0 · References 10

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-55613

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00273
Exploits 0 · References 1

CNNVD
added 2025/06/16 12:0 a.m. · 1 views

Security vulnerability in multiple Apple products

Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. apple tvOS is an operating system for smart TVs. apple macOS is a specialized operating system developed for Mac computers. A security vulnerability exists in a variety of Apple products...

CVSS 4.2 · AI score 6.3 · EPSS 0.00881
Exploits 0 · References 11

RedhatCVE
added 2025/05/23 5:8 a.m. · 8 views

CVE-2023-50880

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS. This issue affects BuddyPress: from n/a through 11.3.1...

CVSS 6.5 · AI score 6.7 · EPSS 0.00273
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 11:42 p.m. · 1 views

CVE-2022-21559

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Dynamo Application Framework. Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle...

CVSS 5.5 · AI score 5.8 · EPSS 0.00086
Exploits 0 · References 1

OSV
added 2025/04/15 9:15 p.m. · 1 views

CVE-2025-21576

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Dynamo Personalization Server. Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVSS 5.4 · AI score 7.1
Exploits 0 · References 1

CNNVD
added 2025/04/15 12:0 a.m. · 1 views

Oracle Commerce security vulnerability

Oracle Commerce is a suite of e-commerce solutions from Oracle Corporation, of which Commerce Platform is one component that provides a versatile e-commerce platform. A security vulnerability exists in Oracle Commerce's Commerce Platform versions 11.3.0, 11.3.1, and 11.3.2, which stems from...

CVSS 5.4 · AI score 7.1 · EPSS 0.00186
Exploits 0 · References 2

CNNVD
added 2025/04/03 12:0 a.m. · 3 views

CrushFTP security vulnerability

CrushFTP is a file transfer server from CrushFTP, Inc. A security vulnerability exists in CrushFTP version 10.x prior to 10.8.4 and version 11.x prior to 11.3.1, which stems from an authentication bypass vulnerability that could lead to account takeover...

CVSS 9.8 · AI score 9.3 · EPSS 0.88937
Exploits 20 · References 9

Apple
added 2025/02/10 12:0 a.m. · 9 views

Apple Security Update: watchOS 11.3.1

Apple recommends installing the watchOS 11.3.1 security update on Apple Watch Series 6 and later...

AI score 7
Exploits 0 · References 1 · Affected Software 1

Apple
added 2025/02/10 12:0 a.m. · 6 views

About the security content of watchOS 11.3.1

This document describes the security content of watchOS 11.3.1. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

CVSS 4.2 · AI score 6.9 · EPSS 0.00881
Exploits 0 · References 1 · Affected Software 1

IBM Security Bulletins
added 2024/03/15 6:17 a.m. · 43 views

Security Bulletin: IBM Event Streams is vulnerable to HTTP request smuggling (CVE-2023-40167)

Summary: IBM Event Streams is vulnerable to HTTP request smuggling due to Jetty component. Jetty provides client-side libraries that allow us to embed an HTTP or WebSocket client in our applications. Vulnerability Details: CVEID: CVE-2023-40167. DESCRIPTION: Jetty is vulnerable to HTTP request...

CVSS 5.3 · AI score 6.3 · EPSS 0.04575
Exploits 0 · Affected Software 1

Positive Technologies
added 2023/12/29 12:0 a.m. · 3 views

PT-2023-31701 · Unknown · Buddypress

Name of the Vulnerable Software and Affected Versions: BuddyPress versions prior to 11.3.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting'. This allows for Stored XSS in the BuddyPress Community. Recommendation...

CVSS 6.5 · AI score 5.9 · EPSS 0.00273
Exploits 0 · References 7

OSV
added 2023/04/15 11:15 p.m. · 20 views

CVE-2018-17452

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb...

CVSS 9.8 · AI score 9.4
Exploits 0 · References 2

NVD
added 2023/04/15 11:15 p.m. · 18 views

CVE-2018-17449

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference...

CVSS 7.5 · AI score 7.2 · EPSS 0.00154
Exploits 0 · References 2