ROOT-OS-UBUNTU-2204-CVE-2025-39693 CVE-2025-39693 in rootio-linux - Patched by Root

Root has patched CVE-2025-39693 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2204-CVE-2025-38359 CVE-2025-38359 in rootio-linux - Patched by Root

Root has patched CVE-2025-38359 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

ROOT-OS-DEBIAN-11-CVE-2025-38153 CVE-2025-38153 in rootio-linux - Patched by Root

Root has patched CVE-2025-38153 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

ROOT-OS-DEBIAN-13-CVE-2025-38556 CVE-2025-38556 in rootio-linux - Patched by Root

Root has patched CVE-2025-38556 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

CVE-2026-22880

Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...

RockyLinux 8 : grub2 (RLSA-2025:3367)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:3367 advisory. grub2: net: Out-of-bounds write in grubnetsearchconfigfile CVE-2025-0624 Tenable has extracted the preceding description block directly from the RockyLinux securi...

PT-2026-42432

Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...

RHCOS 4 : OpenShift Container Platform 4.19.11 (RHSA-2025:15291)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15291 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Note that Nessus has not tested for this...

TencentOS Server 3: rsync (TSSA-2026:0253)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0253 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

RHSA-2025:8482

creationtimestamp| type| source ---|---|--- 2026-04-22 13:15:32+00:00| seen| Telegram/YPnShX-Sf1dcZiYy4mQ8RUtY6bJ9zloml3KU4dFfq-qF8yY...

CVE-2026-24692

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API requests. Mattermost Advisory ID: MMSA-2025-00554...

CVE-2026-26230

Mattermost versions 10.11.x = 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531...

CVE-2026-26304

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify runcreate permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...

GHSA-CWFJ-642J-GFH4 Mattermost fails to properly enforce read permissions in search API endpoints

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API requests. Mattermost Advisory ID: MMSA-2025-00554...

Mattermost Boards Plugin fails to implement authorisation checks on comment block modifications

Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...

CVE-2026-24692

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API requests. Mattermost Advisory ID: MMSA-2025-00554...

CVE-2026-24692 Guest users can bypass read permissions via search API

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API requests. Mattermost Advisory ID: MMSA-2025-00554...

CVE-2026-4265

Mattermost CVE-2026-4265 affects Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, and 10.11.x

CVE-2026-2458 Unauthorized channel enumeration in private teams after member removal

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint.. Mattermost Advisory ID:...

CVE-2026-2461

Mattermost Plugins versions