PT-2026-39929

SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromised resulting in a low impact on availability. There is no impact on confidentiality and integrity ...

BIT-DISCOURSE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, users who lost access to a topic e.g., removed from a private category group could still interact with polls in that topic, including voting and toggling poll status. No...

CVE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic e.g., removed from a private category group could still interact with polls in that topic...

CVE-2026-1629

A missing cache invalidation flaw has been discovered in mattermost server. Affected versions fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache...

CVE-2026-1629

Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...

CVE-2026-1629

Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...

CVE-2026-1629

Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 10.11.10 and earlier, including 10.11.x, have security vulnerabilities. These vulnerabilities stem from the failure to invalidate cached preview data of fixed links whe...

PT-2026-25812

Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...

BIT-GITEA-2026-20736 Gitea Web Attachment Deletion: Cross-Repository Unauthorized Deletion via Missing Repo Ownership Check

Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository they can access...

CVE-2026-20736

Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository they can access. Mitigation Mitigation for...

CVE-2026-20736

Summary: CVE-2026-20736 affects Gitea. The issue is improper access control when deleting attachments: a user who previously uploaded an attachment may delete it after losing repo access by performing the request through a different accessible repository. Affected component: attachment deletion l...

Gitea security vulnerabilities

Gitea is a lightweight Git service developed using Go language in the Gitea community. Gitea has a security vulnerability that stems from improper validation of repository context when deleting attachments. This vulnerability allows users to still delete attachments from other repositories that...

PT-2026-4287

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description Gitea does not correctly validate the repository context during attachment deletion. A user who uploaded an attachment to a repository might be able to delete it even after losing access to tha...

EUVD-2025-19724

Malicious code in bioql PyPI...

CVE-2025-27026

A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but...

CVE-2025-49845 Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers

Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispersallowedgroups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...

CVE-2024-9161

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'updatemetadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated...

CVE-2025-27443

Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access...

IBM FlashSystem 5300 Authentication Error Vulnerability

The IBM FlashSystem 5300 is an IBM storage enterprise system from International Business Machines IBM that stores data on flash memory. The IBM FlashSystem 5300 suffers from an authentication error vulnerability that could be exploited by an attacker to cause loss of access to data using a USB po...