
45 matches found

CNNVD
added 2026/05/18 12:0 a.m. · 4 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.5.1 and earlier of the 11.5.x series, as well as versions 10.11.13 and earlier of the 10.11.x series, and 11.4.3 and earlier of the 11.4.x series. Thes...

CVSS 4.3 · AI score 5.9 · EPSS 0.00031
Exploits 0 · References 1

SUSE CVE
added 2026/04/16 11:28 p.m. · 1 view

SUSE CVE-2026-33212

Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...

CVSS 3.1 · AI score 5.7 · EPSS 0.00011
Exploits 0 · References 3

RedhatCVE
added 2026/03/03 1:37 p.m. · 2 views

CVE-2025-30042

The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication,...

CVSS 9 · AI score 6 · EPSS 0.00019
Exploits 0 · References 1

EUVD
added 2026/03/02 11:14 a.m. · 3 views

EUVD-2025-208147

The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication,...

CVSS 9 · AI score 6 · EPSS 0.00047
Exploits 0 · References 2

Vulnrichment
added 2026/03/02 11:14 a.m. · 2 views

CVE-2025-30042 Session generation possible with certificate number only

The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication,...

CVSS 9 · AI score 6 · EPSS 0.00019
Exploits 0 · References 2

OSV
added 2026/02/02 11:31 p.m. · 0 views

USN-8002-1 openjdk-21 vulnerabilities

It was discovered that the RMI component of OpenJDK 21 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...

CVSS 7.5 · AI score 6.6 · EPSS 0.00089
Exploits 0 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-14851

Malware in sbrugna...

CVSS 6.2 · AI score 6.4 · EPSS 0.00024
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-28585

Malicious code in bioql PyPI...

CVSS 6.8 · AI score 6.7 · EPSS 0.00696
Exploits 0 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-3896

Malicious code in bioql PyPI...

CVSS 3.5 · AI score 5 · EPSS 0.00076
Exploits 0 · References 10

SUSE CVE
added 2025/08/21 11:22 p.m. · 1 view

SUSE CVE-2025-48731

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint...

CVSS 6.4 · AI score 6.9 · EPSS 0.00068
Exploits 0 · References 2

RedhatCVE
added 2025/05/22 5:35 p.m. · 5 views

CVE-2020-9089

There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. Vulnerability ID: HWPSIRT-2019-12141 Th...

CVSS 3.3 · AI score 6.4 · EPSS 0.00079
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 4:53 p.m. · 5 views

CVE-2020-8920

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users'...

CVSS 3.5 · AI score 6.3 · EPSS 0.00076
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 6:14 a.m. · 3 views

CVE-2013-3315

The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vectors...

CVSS 6.5 · AI score 7 · EPSS 0.00408
Exploits 0 · References 1

CVE
added 2025/03/31 10:23 p.m. · 51 views

CVE-2025-24245

CVE-2025-24245 affects macOS Sequoia 15.4. The issue is addressed by adding a delay between verification code attempts, preventing rapid guessing during verification. A malicious app may be able to access a user’s saved passwords if exploitation occurs before patch deployment. Apple’s advisory fo...

CVSS 9.8 · AI score 6.4 · EPSS 0.00205
Exploits 0 · References 2 · Affected Software 1

Tenable Nessus
added 2025/03/06 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2024-50063

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Prevent tail call between progs attached to different hooks bpf progs can be attached to kernel functions, and the attached functions can take different...

CVSS 7.8 · AI score 6.8 · EPSS 0.00005
Exploits 0 · References 4

NVD
added 2024/12/27 10:15 a.m. · 12 views

CVE-2020-9089

There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. Vulnerability ID: HWPSIRT-2019-12141 Th...

CVSS 3.3 · EPSS 0.00079
Exploits 0 · References 1

Vulnrichment
added 2024/12/27 9:44 a.m. · 14 views

CVE-2020-9089

There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. Vulnerability ID: HWPSIRT-2019-12141 Th...

CVSS 3.3 · AI score 6.4 · EPSS 0.00079
Exploits 0 · References 1

Positive Technologies
added 2024/12/27 12:0 a.m. · 3 views

PT-2024-10863 · Huawei · Huawei Smartphone

Name of the Vulnerable Software and Affected Versions: Huawei smartphones affected versions not specified Description: There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit th...

CVSS 3.3 · AI score 6.8 · EPSS 0.00079
Exploits 0 · References 4

RedhatCVE
added 2024/10/22 10:48 a.m. · 11 views

CVE-2024-50063

In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tail call between progs attached to different hooks bpf progs can be attached to kernel functions, and the attached functions can take different parameters or return different return values. If prog attached to one...

CVSS 5.5 · AI score 7.1 · EPSS 0.00005
Exploits 0 · References 4

CVE
added 2024/07/08 6:55 p.m. · 50 views

CVE-2024-6580

CVE-2024-6580 concerns the IPWorks SSH library SFTPServer component. The issue arises when loading an SSH public key or certificate, where the component can be induced to make unintended filesystem or network path requests. Exploitation requires an application calling the SFTPServer to grant user...

CVSS 6.5 · AI score 6.5 · EPSS 0.00143
Exploits 3 · References 1 · Affected Software 1