Mattermost Server 10.11.x <= 10.11.13 / 11.4.x <= 11.4.3 / 11.5.x <= 11.5.1 Multiple Vulnerabilities (MMSA-2026-00573 / MMSA-2026-00576 / MMSA-2026-00591 / MMSA-2026-00605 / MMSA-2026-00607 / MMSA-2026-00608 / MMSA-2026-00614 / MMSA-2026-00627)

The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities: - Mattermost fails to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermost System Admin or any party with access to a support...

CLEANSTART-2026-JF61842 Security fixes for CVE-2025-54410, CVE-2026-32952, CVE-2026-33186, CVE-2026-40179, ghsa-4vq8-7jfc-9cvp, ghsa-p77j-4mvh-x3m3, ghsa-pjcq-xvwq-hhpj, ghsa-vffh-x6r8-xx99 applied in versions: 8.18.1-r0, 9.1.10-r0, 9.3.4-r0

Multiple security vulnerabilities affect the elastic-beats package. These issues are resolved in later releases. See references for individual vulnerability details...

security-skills

Security Skills Security Skills is a Hermes Agent skill pack...

CVE-2026-5788

creationtimestamp| type| source ---|---|--- 2026-05-07 07:54:45+00:00| seen| https://ccb.belgium.be/advisories/warning-authenticated-remote-code-execution-vulnerability-ivanti-epmm-exploited-patch 2026-05-07 08:14:00+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus-2026-12...

Important: freerdp

Issue Overview: DoS via WINPRASSERT in rtsreadauthverifiernochecks NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93 CVE-2026-33952 DoS via WINPRASSERT in IMA ADPCM audio decoder dsp.c:331 NOTE:...

CVE-2026-25086

creationtimestamp| type| source ---|---|--- 2026-03-19 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08 2026-03-21 23:00:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhm54n4dr32h...

CVE-2019-9010

creationtimestamp| type| source ---|---|--- 2026-03-17 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01...

How to scan for vulnerabilities with GitHub Security Lab’s open source AI-powered framework

For the last few months, we've been using the GitHub Security Lab Taskflow Agent along with a new set of auditing taskflows that specialize in finding web security vulnerabilities. They also turn out to be very successful at finding high-impact vulnerabilities in open source projects. As security...

CVE-2025-59505

creationtimestamp| type| source ---|---|--- 2025-11-11 17:29:38+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2025-0358 2025-11-11 17:30:42+00:00| seen| https://www.thezdi.com/blog/2025/11/11/the-november-2025-security-update-review 2025-11-12 06:33:03+00:00| seen|...

CVE-2025-60715

creationtimestamp| type| source ---|---|--- 2025-11-11 17:29:38+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2025-0358 2025-11-11 17:30:42+00:00| seen| https://www.thezdi.com/blog/2025/11/11/the-november-2025-security-update-review 2025-11-11 20:26:38+00:00| seen|...

CVE-2025-62213

creationtimestamp| type| source ---|---|--- 2025-11-11 17:29:38+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2025-0358 2025-11-11 17:30:42+00:00| seen| https://www.thezdi.com/blog/2025/11/11/the-november-2025-security-update-review...

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS Advisories on October 9, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-282-01 Hitachi Energy Asset Suite ICSA-25-282-02 Rockwell Automation Lifecycle Service...

SUSE SLES15 Security Update : kernel (Live Patch 17 for SLE 15 SP5) (SUSE-SU-2025:02459-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02459-1 advisory. This update for the Linux Kernel 5.14.21-1505005573 fixes several issues. The following security issues were fixed: - CVE-2024-53146: NFSD:...

CVE-2025-5037

creationtimestamp| type| source ---|---|--- 2025-07-15 03:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-597/ 2025-07-15 03:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-594/ 2025-07-15 03:00:00+00:00| seen|...

MINI-GQVP-WJXW-8RFM

Bulletin has no description...

adstoolbox (>=1.0.29 <=2025.9.5), afw (>=0.0.6 <=0.0.21) +41 more potentially affected by CVE-2025-30714 via mysql-connector-python (>=9.0.0 <=9.2.0)

mysql-connector-python PYPI version =9.0.0, =1.0.29, =0.0.6, =1.7.0, =0.3.0, =1.0.6, =0.5.0, =0.2.1, =1.0.1, =0.1.20, =1.107.2rc3, =0.1.0, =0.8.0, =1.0.3, =1.1.9 and more Source cves: CVE-2025-30714 Source advisory: SNYK:PYTHON-MYSQLCONNECTORPYTHON-9724724...

CVE-2025-25276

creationtimestamp| type| source ---|---|--- 2025-04-15 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04...

Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns / etcd (CVE-2025-30204)

The version of application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns / etcd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30204 advisory. - golang-jwt is a Go...

CVE-2025-1974

creationtimestamp| type| source ---|---|--- 2025-03-24 17:55:00+00:00| seen| https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html 2025-03-24 21:44:21+00:00| seen| https://bsky.app/profile/lookitup.baby/post/3ll5q2vbz6c2k 2025-03-24 21:58:30+00:00| seen|...

RockyLinux 9 : runc (RLSA-2024:9200)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:9200 advisory. golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 Tenable has extracted the preceding description block directly from the RockyLinux...