168 matches found
CVE-2025-62046
CVE-2025-62046: WordPress TheGem Demo Import (for WPBakery) plugin up to version 5.10.5 has a Missing Authorization vulnerability that can lead to Arbitrary Content Deletion. Affected software: TheGem Demo Import (for WPBakery). Base CVSS v3.1 score: 6.5 (Medium). Connected sources confirm the is...
CVE-2025-62012
CVE-2025-62012 affects WordPress TheGem (Elementor) theme and related TheGem elements: thegem-elementor. The vulnerability is caused by improper neutralization of input during web page generation, resulting in a Cross-Site Scripting (XSS) issue. Affected versions are
WordPress plugin TheGem (Elementor) 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that provides the ability to host a personal blog site on a PHP and MySQL based server. A cross-site scripting...
RHSA-2025:19572 Red Hat Security Advisory: mariadb:10.5 security update
Bulletin has no description...
mariadb:10.5 security update
galera 26.4.22-1 - Rebase to 26.4.22 Judy 1.0.5-18 - Remove README.Fedora; no longer needed since 1.0.5 version - Resolves: 1638717 1.0.5-17 - ldconfig scriptlets replaced by RPM File Triggers from Fedora 28 - Drop legacy BuildRoot: and Group: tags - Drop redundant explicit buildroot cleaning -...
EUVD-2025-34730
Mattermost has an Observable Timing Discrepancy vulnerability...
GHSA-424H-XJ87-M937 Mattermost has an Incorrect Authorization vulnerability
Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the /api/v4/channels/channelid/members endpoint...
GHSA-6Q7M-P8CC-998R Mattermost has a Missing Authorization vulnerability
Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...
GHSA-XR3W-RMVJ-F6M7 Mattermost has an Observable Timing Discrepancy vulnerability
Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...
CVE-2025-54499 Insecure string comparison enables timing attacks
Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...
CVE-2025-41443
Mattermost versions 10.5.x = 10.5.12, 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...
CVE-2025-41443 Guest user can discover active public channels
Mattermost versions 10.5.x = 10.5.12, 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...
CVE-2025-41443 Guest user can discover active public channels
Mattermost versions 10.5.x = 10.5.12, 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability in Mattermost versions 10.11.1 and prior to 10.11.x, 10.10.2 and prior to 10.10.x, and 10.5.10 and prior to 10.5.x stems from a failure to validate that a user has the privileg...
WordPress TheGem Demo Import (for WPBakery) plugin <= 5.10.5 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by ? in WordPress Plugin TheGem Demo Import for WPBakery versions = 5.10.5...
EUVD-2025-31303
Malicious code in bioql PyPI...
EUVD-2025-31304
Malicious code in bioql PyPI...
CVE-2025-60097
Missing Authorization vulnerability in CodexThemes TheGem thegem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TheGem: from n/a through = 5.10.5...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.5.8 and prior 10.5.x and 9.11.17 and prior 9.11.x, which stems from insufficient access control validation and could cause an authenticated use...
CVE-2025-9081
Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration...