CVE-2025-36375 IBM DataPower Gateway vulnerable to CSRF
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...
Important: Red Hat Security Advisory: mariadb:10.5 security update
An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.11.4 and prior to 10.11.x and 10.5.12 and prior to 10.5.x. The vulnerability stems from unvalidated user permissions and could lead to...
Privilege Context Switching Error
Overview: Affected versions of this package are vulnerable to Privilege Context Switching Error in the current user session. An attacker can remove comments created by other users by sending crafted requests with insufficient permission checks. Remediation: Upgrade...
CVE-2025-55074 Channel member objects leak read status
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...
GHSA-XR3W-RMVJ-F6M7 Mattermost has an Observable Timing Discrepancy vulnerability
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...
CVE-2025-41443
Mattermost versions 10.5.x <= 10.5.12, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...
CVE-2025-41443 Guest user can discover active public channels
Mattermost versions 10.5.x <= 10.5.12, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...
CVE-2025-9081
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration...
CVE-2025-9084
CVE-2025-9084 affects Mattermost Server 10.5.x ≤ 10.5.9, where the OAuth login redirect URLs are not properly validated, enabling open redirect to attacker-controlled sites. Connected sources corroborate the issue in Mattermost Server and reference an affected range up to 10.5.9, with remediation...
Mattermost has Potential Server Crash due to Unvalidated Import Data
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature...
PT-2025-34258 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.8.x through 10.8.3 Mattermost versions 10.5.x through 10.5.8 Mattermost versions 10.10.x through 10.10.0 Mattermost versions 10.9.x through 10.9.3 Description: The application fails to sanitize file names, potentially...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.8.3 and prior 10.8.x, 10.5.8 and prior 10.5.x, 9.11.17 and prior 9.11.x, and 10.9.2 and prior 10.9.x, which stems from an uncleaned path...
PT-2024-29556 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 10.5, 11.1, and 11.5 Description: The issue is a denial of service, where the server may crash under certain conditions with a specially crafted query. Recommendations:...
MariaDB Security Vulnerability
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A remote code execution vulnerability exists in MariaDB version 10.5, and no detailed vulnerability details are currently available...
Scalefusion kiosk security vulnerability
ScaleFusion is a mobile device management and unified endpoint management application from ScaleFusion. A security vulnerability exists in the Scalefusion kiosk version 10.5.2, which stems from the ability to use Alt-F4, resulting in the inability to properly restrict users from using the Edge...
PT-2023-8441 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM DB2 for Linux, UNIX and Windows includes Db2 Connect Server versions 10.1, 10.5, and 11.1 Description: The issue is related to insufficient input validation in the IBM DB2 database management system and the IBM DB2 Connect Server. It allo...
CVE-2023-30445
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357...
IBM DB2 Input Validation Error Vulnerability
IBM DB2 is a relational database management system from International Business Machines IBM. The system is implemented in UNIX, Linux, IBMi, z/OS, and Windows server versions. An input validation error vulnerability exists in IBM Db2, which stems from the possibility that the server may crash whe...
CVE-2022-43927
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671...