78 matches found
PT-2026-42745
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs...
PT-2026-42748
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate user-supplied input in API request handlers, which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint. Mattermost Advisory ID:...
EUVD-2015-1193
Malware in sbrugna...
EUVD-2024-49515
Malicious code in bioql PyPI...
EUVD-2021-9352
Malicious code in bioql PyPI...
EUVD-2022-31965
Malicious code in bioql PyPI...
EUVD-2022-36196
Malicious code in bioql PyPI...
CVE-2025-2614 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specially crafted content that consumes excessive server resourc...
CVE-2023-22451
Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy-to-guess password. This issue is resolved by providing defaults for the...
CVE-2023-3399
An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom...
Security Bulletin: IBM Master Data Management is vulnerable to prototype pollution from vulnerability found in Dojo (CVE-2021-23450)
Summary IBM Master Data Management v11.6, v12.0, and v14.0 are vulnerable to prototype pollution from vulnerability found in Dojo. Dojo could allow a remote attacker to cause a denial of service, caused by a prototype pollution in the setObject function. By sending a specially-crafted request, an...
CVE-2024-10730
A vulnerability, which was classified as critical, has been found in Tongda OA up to 11.6. This issue affects some unknown processing of the file /pda/appcenter/webshow.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2024-8970
GitLab CE/EE vulnerable in multiple versions (11.6–17.2.9, 17.3–17.3.5, 17.4–17.4.2) where an attacker could trigger a pipeline as another user under certain conditions. Affected projects include GitLab CE/EE; the issue is addressed in updated releases. Public references point to GitLab issues an...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2023-35890)
Summary IBM Master Data Management versions 11.6 and 12.0 are impacted by a vulnerability in WebSphere Application Server which could provide weaker than expected security, caused by improper encoding in a local configuration file. Vulnerability Details CVEID: CVE-2023-35890 DESCRIPTION: IBM...
Remote code execution
MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers to achieve remote code execution through a man-in-the-middle attack...
Design/Logic Flaw
XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with superadmin rights but in restricted mode, where anything dangerous is disabled; however, the async macro does not take the restricted mode into account. This means that any user with...
CVE-2023-26471 XWiki Platform users may execute anything with superadmin right through comments and async macro
XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with superadmin rights but in restricted mode, where anything dangerous is disabled; however, the async macro does not take the restricted mode into account. This means that any user with...
SeaCMS Code Execution Vulnerability (CNVD-2023-61759)
SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. A code execution vulnerability exists in SeaCMS version 11.6. The vulnerability stems from the program's lack of validation of the data insert...
SUSE CVE-2019-18453
An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions...
WordPress WP Google Review Slider Plugin < 11.6 is vulnerable to Cross Site Scripting (XSS)
Software: WP Google Review Slider; Type: Plugin; Vulnerable versions: < 11.6; Fixed in: 11.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4242; Patch priority: Low; CVSS severity: Low 5.9; PSID: 8a973086e278; Credits: iohex; Required...