4 matches found
CVE-2026-25741
Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is...
CVE-2025-59157
CVE-2025-59157 – Coolify Git Repository RCE. Multiple sources describe a command-injection flaw in Coolify prior to 4.0.0-beta.420.7, triggered by unsanitized input in the Git Repository field during project creation/deployment workflows. The issue allows an attacker with regular member privileg...
CVE-2023-2784 Apps Framework allows install requests from regular members via an internal path
Mattermost fails to verify whether the requestor is a sysadmin before allowing install requests to the Apps, allowing a regular user to send install requests to the Apps...
MyBB Downloads 2.0.3 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications
Exploit Title: MyBB Downloads Plugin v2.0.3 - Persistent XSS
Author: 0xB9
Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com
Software Link: https://community.mybb.com/mods.php?action=view&pid=854
Version: 2.0.3
Tested on: Ubuntu 17.10 ...