12 matches found
EUVD-2026-30758
Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...
CVE-2026-4643 Calling window.close() from server-side content causes crash in the Mattermost Desktop App
Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...
PT-2026-41654
Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...
EUVD-2023-40552
Malicious code in bioql PyPI...
BigBlueButton Information Disclosure Vulnerability (CNVD-2022-82638)
BigBlueButton is an open source Web conferencing system from the BigBlueButton community. BigBlueButton suffers from an information disclosure vulnerability that stems from the lack of information protection measures and access controls for service meeting announcement chat messages. An attacker...
Information Disclosure Through Authorization Bypass
undertow-core is vulnerable to information disclosure attacks through authorization bypass. The vulnerability exists because undertow-core does not validate the uri attribute in the Authorization header, allowing a man-in-the-middle (MitM) attacker to provide a bogus uri and access other content on t...
Mail.ru: XSS on account.mail.ru/login
Vulnerability on the page https://account.mail.ru/login and preparation of files for the attack --------------------- During the research I noticed that on the page https://account.mail.ru/login the value of the v parameter is not validated. The value is output on the page as is and is used in the path to the script...
Design/Logic Flaw
A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability whic...
UBUNTU-CVE-2017-5533
A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability whic...
CVE-2006-5548
PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 2.0.0 through 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][directories][classes] parameter...
CVE-2006-5547
The CVE-2006-5547 entry concerns OTSCMS (Open Tibia Server Content Management System) versions 1.0.0 through 1.0.3. A PHP remote file inclusion flaw exists in OTSCMS.php via a crafted URL assigned to GLOBALS[config][otscms][directories][includes], enabling an attacker to execute arbitrary PHP cod...
Liferay Enterprise Portal 1.x/2.x/5.0.2 - Multiple Cross-Site Scripting Vulnerabilities
Liferay Enterprise Portal 1.x/2.x/5.0.2 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/10402/info It has been reported that Liferay Enterprise Portal is susceptible to multiple cross-site scripting and HTML injection vulnerabilities. User-supplied data fro...