150 matches found
Mattermost Server 10.11.x < 10.11.17 / 11.5.x < 11.5.5 / 11.6.x < 11.6.2 Improper Authorization (MMSA-2026-00629)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00629 advisory. - Mattermost Server fails to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team...
ROOT-OS-DEBIAN-13-CVE-2022-4055 CVE-2022-4055 in rootio-xdg-utils - Patched by Root
Root has patched CVE-2022-4055 in the rootio-xdg-utils package for Root:Debian:13. Multiple fixed versions available...
EUVD-2026-4055
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS. This issue affects My auctions allegro: from n/a through <= 3.6.32...
RockyLinux 9 : xdg-utils (RLSA-2025:7672)
The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2025:7672 advisory. xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments (CVE-2022-4055). Tenable has extracted the preceding...
ROOT-OS-DEBIAN-12-CVE-2022-4055 CVE-2022-4055 in rootio-xdg-utils - Patched by Root
Root has patched CVE-2022-4055 in the rootio-xdg-utils package for Root:Debian:12. Multiple fixed versions available...
AlmaLinux 9 : xdg-utils (ALSA-2025:7672)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:7672 advisory. xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments (CVE-2022-4055). Tenable has extracted the preceding...
xdg-utils security update
1.1.3-13 - Update documentation for CVE-2022-4055 RHEL-87487 1.1.3-12 - Fix CVE-2022-4055 RHEL-87487...
Oracle Linux 9 : xdg-utils (ELSA-2025-7672)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-7672 advisory. - Update documentation for CVE-2022-4055 RHEL-87487 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
Moderate: Red Hat Security Advisory: xdg-utils security update
An update for xdg-utils is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Moderate: xdg-utils security update
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop. Security Fixes: xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments (CVE-2022-4055). For more details about the security issues...
ALSA-2025:7672 Moderate: xdg-utils security update
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop. Security Fixes: xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments (CVE-2022-4055). For more details about the security issues...
CVE-2025-4055
creationtimestamp| type| source
---|---|---
2025-05-07 02:21:34+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15241
2025-05-07 04:26:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lokkl32jpy2o
2025-05-07 07:12:44+00:00| seen| https://t.me/cvedetector/24662...
CVE-2025-4055
CVE-2025-4055 affects the WordPress plugin Multiple Post Type Order (versions up to and including 1.10.0). It is a Stored Cross-Site Scripting flaw in the mpto shortcode caused by insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires authenticated ...
WordPress Multiple Post Type Order plugin <= 1.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mpto Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via mpto Shortcode vulnerability discovered by Gilang in WordPress Plugin Multiple Post Type Order versions <= 1.10.0...
Linux Distros Unpatched Vulnerability : CVE-2022-4055
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that shou...
CVE-2022-4055 affecting package xdg-utils for versions less than 1.2.1-3
CVE-2022-4055 affecting package xdg-utils for versions less than 1.2.1-3. An upgraded version of the package is available that resolves this issue...
CVE-2022-4055 affecting package xdg-utils 1.1.3-7
CVE-2022-4055 affecting package xdg-utils 1.1.3-7. No patch is available currently...
RHEL 9 : xdg-utils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments...
RHEL 7 : xdg-utils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xdg-utils: local file inclusion vulnerability (CVE-2020-27748) - xdg-utils: improper parse of mailto URIs...
Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale
Summary: There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details...