60 matches found
Mattermost doesn't limit the size of the request body on the start meeting API endpoint
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...
EUVD-2026-30751
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...
Mattermost Security Vulnerability
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Mattermost 11.5.1 and earlier in the 11.5.x series, 10.11.13 and earlier in the 10.11.x series, and 11.4.3 and earlier in the 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...
Mattermost Security Vulnerability
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost 11.5.1 and earlier, including 11.5.x, have security vulnerabilities. These vulnerabilities stem from the lack of verification of channel members when processing AI-assisted...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to a Time-of-check Time-of-use (TOCTOU) Race Condition in the authentication process. An attacker can gain unauthorized access to multiple authenticated...
CVE-2025-46752
An insertion of sensitive information into a log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows an attacker to cause information disclosure via re-using the enrollment code...
EUVD-2018-11268
Malware in sbrugna...
EUVD-2018-11269
Malware in sbrugna...
EUVD-2019-16190
Malware in sbrugna...
EUVD-2019-16185
Malware in sbrugna...
EUVD-2019-16164
Malware in sbrugna...
EUVD-2019-5878
Malware in sbrugna...
EUVD-2019-16153
Malware in sbrugna...
CVE-2019-14731
An issue was discovered in ZenTao 11.5.1. There is a stored XSS vulnerability that leads to the capture of other people's cookies via the Rich Text Box...
Keyfactor Command Security Vulnerability
Keyfactor Command is a PKI and machine identity automation application from Keyfactor. A security vulnerability exists in Keyfactor Command versions prior to 10.5.1 and prior to 11.5.1, which stems from susceptibility to SQL injection attacks that could lead to code execution and elevation of...
Sipwise C5 NGCP Dashboard Security Vulnerability
Sipwise C5 NGCP Dashboard is a management interface from Sipwise that is used to manage and monitor various features and services of the Sipwise C5 Next Generation Communication Platform NGCP. A security vulnerability exists in Sipwise C5 NGCP Dashboard versions prior to mr11.5.1, which stems fro...
RosarioSIS Cross-Site Scripting Vulnerability
RosarioSIS is a free and open source student information system. It is used to manage students, create reports and make sound decisions. A cross-site scripting vulnerability exists in RosarioSIS version 11.5.1, which stems from the inclusion of some unknown processing in the component Add Portal...
PT-2024-24026 · Francoisjacquet · Rosariosis
Name of the Vulnerable Software and Affected Versions: francoisjacquet RosarioSIS version 11.5.1. Description: A disputed issue affects the Add Portal Note component, leading to cross-site scripting. The attack can be initiated remotely. The vendor notes that the PDF is opened by the browser app i...
CVE-2019-5542
CVE-2019-5542 affects VMware Workstation 15.x (before 15.5.1) and VMware Fusion 11.x (before 11.5.1). It is a denial‑of‑service vulnerability in the RPC handler that can be exploited by a user with normal privileges to cause a DoS on their own VM. VMware provides fixed versions: Workstation 15.5....
CVE-2019-5541
CVE-2019-5541 describes an out-of-bounds write in the e1000e virtual network adapter affecting VMware Workstation 15.x before 15.5.1 and VMware Fusion 11.x before 11.5.1. The root cause is improper handling in the e1000e device, enabling potential host code execution from the guest or a denial-of...