Mattermost Desktop < 5.13.5 / < 6.0.2 / < 6.1.1 Multiple Vulnerabilities (MMSA-2026-00618 / MMSA-2026-00633)
The version of Mattermost Desktop installed on the remote host is affected by multiple vulnerabilities as referenced in the MMSA-2026-00618 and MMSA-2026-00633 advisories. - Mattermost Desktop App fails to prevent an invalid URL from loading in a pop-up window which allows a malicious server own...
CVE-2009-4643
Stack-based buffer overflow in dsInstallerService.dll in the Juniper Installer Service, as used in Juniper Odyssey Access Client 4.72.11421.0 and other products, allows remote attackers to execute arbitrary code via a long string in a malformed DSSETUPSERVICECMDUNINSTALL command to the...
PT-2025-48616
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:...
@anjy7/navbar-cms (=0.0.5), @contentql/core (>=0.1.2 <=0.3.5) +17 more potentially affected by CVE-2025-4643 via @payloadcms/graphql (>=3.0.0-alpha.0 <=3.44.0-internal.6b79dc2)
@payloadcms/graphql NPM version =3.0.0-alpha.0, =0.1.2, =0.1.0, =3.0.0, =3.2.0, =0.2.0, =3.0.0-beta.10, =1.0.1, =0.1.0, =0.1.4, =1.0.0, =0.0.5, =0.0.1, =0.0.9-alpha.5, =0.0.5, =1.0.3 and more Source cves: CVE-2025-4643 Source advisory: OSV:GHSA-5V66-M237-HWF7...
@ainsleydev/payload-helper (>=0.0.1 <=0.0.32), @anjy7/navbar-cms (=0.0.5) +68 more potentially affected by CVE-2025-4643 via payload (>=0.12.3 <=3.35.1)
payload NPM version =0.12.3, =0.0.1, =1.0.1, =0.1.2, =0.1.1, =1.0.0, =1.0.6, =0.1.0, =1.0.0, =0.0.1, =0.0.17 - @mdxui/do =4.0.8 and more Source cves: CVE-2025-4643 Source advisory: OSV:GHSA-5V66-M237-HWF7...
@anjy7/navbar-cms (=0.0.5), @contentql/core (>=0.1.2 <=0.3.5) +14 more potentially affected by CVE-2025-4643 via @payloadcms/next (>=3.0.0-alpha.46 <=3.44.0-internal.6b79dc2)
@payloadcms/next NPM version =3.0.0-alpha.46, =0.1.2, =0.1.0, =3.2.0, =0.2.0, =0.1.0, =0.1.4, =1.0.0, =0.0.5, =0.0.1, =0.0.9-alpha.5, =0.0.5, =3.0.0-beta.3, =0.0.3, =1.0.0 and more Source cves: CVE-2025-4643 Source advisory: OSV:GHSA-5V66-M237-HWF7...
@anjy7/navbar-cms (=0.0.5), @contentql/core (>=0.1.2 <=0.3.5) +14 more potentially affected by CVE-2025-4643 +1 more via @payloadcms/next (>=3.0.0-alpha.46 <=3.44.0-internal.6b79dc2)
@payloadcms/next NPM version =3.0.0-alpha.46, =0.1.2, =0.1.0, =3.2.0, =0.2.0, =0.1.0, =0.1.4, =1.0.0, =0.0.5, =0.0.1, =0.0.9-alpha.5, =0.0.5, =3.0.0-beta.3, =0.0.3, =1.0.0 and more Source cves: CVE-2025-4643, CVE-2025-4644 Source advisory: OSV:GHSA-26RV-H2HF-3FW4...
@ainsleydev/payload-helper (>=0.0.3 <=0.0.32), @anjy7/navbar-cms (=0.0.5) +19 more potentially affected by CVE-2025-4643 via payload (>=3.0.0-alpha.46 <=3.35.1)
payload NPM version =3.0.0-alpha.46, =0.0.3, =0.1.0, =1.0.0, =1.0.0, =0.2.0, =3.1.1, =0.1.4, =1.0.0, =0.0.5, =0.0.1, =0.0.9-alpha.5, =0.0.5, =1.0.3 and more Source cves: CVE-2025-4643 Source advisory: SNYK:JS-PAYLOAD-12239898...
@ainsleydev/payload-helper (>=0.0.3 <=0.0.32), @anjy7/navbar-cms (=0.0.5) +19 more potentially affected by CVE-2025-4643 +1 more via payload (>=3.0.0-alpha.46 <=3.35.1)
payload NPM version =3.0.0-alpha.46, =0.0.3, =0.1.0, =1.0.0, =1.0.0, =0.2.0, =3.1.1, =0.1.4, =1.0.0, =0.0.5, =0.0.1, =0.0.9-alpha.5, =0.0.5, =1.0.3 and more Source cves: CVE-2025-4643, CVE-2025-4644 Source advisory: SNYK:JS-PAYLOAD-12239899...
CVE-2025-4643 Lack of JWT Expiration after Log Out in PayloadCMS
Payload uses JSON Web Tokens (JWT) for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date which is by default set to 2 hours, but can be changed. This issue has been fixed in version 3.44.0 of...
CVE-2014-4643
Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) PASV, (4) SYST, (5) PWD, or (6) CDUP command...
CVE-2024-4643
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘endredirectlink’ parameter in versions up to, and including, 5.7.1 due to insufficient input sanitization and output...
CVE-2024-4643 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘endredirectlink’ parameter in versions up to, and including, 5.7.1 due to insufficient input sanitization and output...
CGA-4643-XQWM-G5HQ
Bulletin has no description...
CVE-2023-4643 Enable Media Replace < 4.1.3 - Author+ PHP Object Injection
The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2023-4643
CVE-2023-4643 affects the WordPress Enable Media Replace plugin prior to version 4.1.3. The vulnerability stems from the plugin unserializing user input via the Remove Background feature, which enables PHP Object Injection if a suitable gadget is present on the blog. Multiple sources (NVD/NVD-der...
Rocky Linux 8 : .NET 7.0 (RLSA-2023:4643)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4643 advisory. - .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2023-35390) - .NET and Visual Studio Denial of Service Vulnerability (CVE-2023-38180) Note...
CVE-2018-4643
Rejected reason: This candidate is unused by its CNA...