Lucene search
K

168 matches found

CVE
CVE
added 2025/11/06 3:55 p.m.17 views

CVE-2025-62046

CVE-2025-62046: WordPress TheGem Demo Import (for WPBakery) plugin up to version 5.10.5 has a Missing Authorization vulnerability that can lead to Arbitrary Content Deletion. Affected software: TheGem Demo Import (for WPBakery). Base CVSS v3.1 score: 6.5 (Medium). Connected sources confirm the is...

6.5CVSS6.6AI score0.00332EPSS
Exploits0References1
CVE
CVE
added 2025/11/06 3:55 p.m.10 views

CVE-2025-62012

CVE-2025-62012 affects WordPress TheGem (Elementor) theme and related TheGem elements: thegem-elementor. The vulnerability is caused by improper neutralization of input during web page generation, resulting in a Cross-Site Scripting (XSS) issue. Affected versions are

6.5CVSS6AI score0.00191EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.6 views

WordPress plugin TheGem (Elementor) 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that provides the ability to host a personal blog site on a PHP and MySQL based server. A cross-site scripting...

6.5CVSS5.9AI score0.00191EPSS
Exploits0References1
OSV
OSV
added 2025/11/05 10:4 a.m.12 views

RHSA-2025:19572 Red Hat Security Advisory: mariadb:10.5 security update

Bulletin has no description...

5.9CVSS6.1AI score0.01236EPSS
Exploits0References28
Oracle linux
Oracle linux
added 2025/11/05 12:0 a.m.6 views

mariadb:10.5 security update

galera 26.4.22-1 - Rebase to 26.4.22 Judy 1.0.5-18 - Remove README.Fedora; no longer needed since 1.0.5 version - Resolves: 1638717 1.0.5-17 - ldconfig scriptlets replaced by RPM File Triggers from Fedora 28 - Drop legacy BuildRoot: and Group: tags - Drop redundant explicit buildroot cleaning -...

6.8CVSS7AI score0.01236EPSS
Exploits0
EUVD
EUVD
added 2025/10/16 9:30 a.m.6 views

EUVD-2025-34730

Mattermost has an Observable Timing Discrepancy vulnerability...

3.1CVSS6.5AI score0.00246EPSS
Exploits0References4
OSV
OSV
added 2025/10/16 9:30 a.m.4 views

GHSA-424H-XJ87-M937 Mattermost has an Incorrect Authorization vulnerability

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the /api/v4/channels/channelid/members endpoint...

3.1CVSS6.9AI score0.00306EPSS
Exploits0References7
OSV
OSV
added 2025/10/16 9:30 a.m.6 views

GHSA-6Q7M-P8CC-998R Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...

8.1CVSS6.9AI score0.00379EPSS
Exploits0References6
OSV
OSV
added 2025/10/16 9:30 a.m.4 views

GHSA-XR3W-RMVJ-F6M7 Mattermost has an Observable Timing Discrepancy vulnerability

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...

3.1CVSS6.8AI score0.00246EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/10/16 8:17 a.m.4 views

CVE-2025-54499 Insecure string comparison enables timing attacks

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...

3.1CVSS6.4AI score0.00246EPSS
Exploits0References1
OSV
OSV
added 2025/10/16 8:15 a.m.6 views

CVE-2025-41443

Mattermost versions 10.5.x = 10.5.12, 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...

4.3CVSS6.4AI score
Exploits0References1
Cvelist
Cvelist
added 2025/10/16 8:10 a.m.8 views

CVE-2025-41443 Guest user can discover active public channels

Mattermost versions 10.5.x = 10.5.12, 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...

4.3CVSS0.00287EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/16 8:10 a.m.2 views

CVE-2025-41443 Guest user can discover active public channels

Mattermost versions 10.5.x = 10.5.12, 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...

4.3CVSS5.9AI score0.00287EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.6 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability in Mattermost versions 10.11.1 and prior to 10.11.x, 10.10.2 and prior to 10.10.x, and 10.5.10 and prior to 10.5.x stems from a failure to validate that a user has the privileg...

8.1CVSS6.5AI score0.00307EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/10/13 7:14 p.m.9 views

WordPress TheGem Demo Import (for WPBakery) plugin <= 5.10.5 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by ? in WordPress Plugin TheGem Demo Import for WPBakery versions = 5.10.5...

6.5CVSS7AI score0.00332EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31303

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00248EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31304

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00248EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/27 8:44 a.m.13 views

CVE-2025-60097

Missing Authorization vulnerability in CodexThemes TheGem thegem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TheGem: from n/a through = 5.10.5...

5.4CVSS5.9AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/21 12:0 a.m.5 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.5.8 and prior 10.5.x and 9.11.17 and prior 9.11.x, which stems from insufficient access control validation and could cause an authenticated use...

6.5CVSS8.7AI score0.0025EPSS
Exploits0References2
NVD
NVD
added 2025/09/19 8:15 p.m.5 views

CVE-2025-9081

Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration...

6.5CVSS0.0025EPSS
Exploits0References1
Rows per page
Query Builder