3 matches found
@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.0.24) +60 more potentially affected by CVE-2026-33287 via liquidjs (>=10.10.0 <=10.24.0)
liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =1.0.1-beta.0, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.1.0, =15.0.0, =34.0.0 - @fahami/directus-pkce =1.0.0 and more Source cves: CVE-2026-33287 Source advisory: OSV:GHSA-6Q5M-63H6-5X4V...
CVE-2025-9076 Mattermost Server exposes sensitive user credentials during shared channel membership synchronization
Mattermost versions 10.10.x = 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instanc...
PT-2025-6452 · WordPress · Wp Booking Calendar
Name of the Vulnerable Software and Affected Versions: WP Booking Calendar plugin for WordPress versions up to, and including, 10.10 Description: The issue allows unauthenticated attackers to manipulate their confirmed bookings, even after they have been approved, due to the plugin not properly...