GHSA-PQHX-W72W-M393 ntfy.sh allows a remote attacker to execute arbitrary code via the parseActions function

An issue in Ntfy ntfy.sh before v.2.22.0 allows a remote attacker to execute arbitrary code via the parseActions function...

EUVD-2025-2143

Malicious code in bioql PyPI...

CVE-2025-47619

Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Path Traversal.This issue affects 6Storage Rentals: from n/a through = 2.20.2...

CVE-2025-21083

Mattermost Mobile Apps versions =2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post...

Mattermost Mobile Apps 安全漏洞

Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps version 2.22.0 that stems from an inability to properly handle posts with attachments, allowing an attacker to cause a mobile device to crash by creating such a...

PT-2025-4149 · Mattermost · Mattermost Mobile

Name of the Vulnerable Software and Affected Versions: Mattermost Mobile versions =2.22.0 Description: The issue arises from the improper handling of posts with attachments that contain fields which cannot be converted to a string. This allows an attacker to cause the mobile application to crash ...

CVE-2025-21083

Mattermost Mobile Apps versions =2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post...

PT-2025-4140 · Mattermost · Mattermost Mobile Apps

Name of the Vulnerable Software and Affected Versions: Mattermost Mobile Apps versions =2.22.0 Description: The issue arises from the failure to properly validate post properties, allowing a malicious authenticated user to cause a crash via a malicious post. This can be exploited by an...

CVE-2024-1297

Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection...

Command injection

Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection...

Cesanta MJS Security Vulnerability

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS version 2.22.0, which is caused by...

CVE-2018-8041

Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal...