
57307 matches found

CVE
added 2026/02/16 9:58 a.m. | 19 views

CVE-2026-0997

Mattermost components affected include Mattermost server versions 11.1.x up to 11.1.2, 10.11.x up to 10.11.9, and 11.2.x up to 11.2.1, together with Mattermost Plugin Zoom versions up to 1.11.0. The underlying issue is that the API endpoint /plugins/zoom/api/v1/channel-preference does not properl...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00152
Exploits: 0 | References: 1 | Affected Software: 2
CVE
added 2026/02/16 9:54 a.m. | 22 views

CVE-2026-0998

CVE-2026-0998 affects Mattermost releases 11.1.x up to 11.1.2, 10.11.x up to 10.11.9, 11.2.x up to 11.2.1 and Mattermost Plugin Zoom up to 1.11.0. The issue is in the /api/v1/askPMI endpoint where user identity and post ownership are not validated, allowing unauthorized users to start Zoom me...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00152
Exploits: 0 | References: 1 | Affected Software: 2
Vulnrichment
added 2026/02/16 9:54 a.m. | 3 views

CVE-2026-0998 Mattermost Zoom Plugin allows unauthorized meeting creation and post modification via insufficient API access controls

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <= 1.11.0 fail to validate user identity and post ownership in the /api/v1/askPMI endpoint which allows unauthorized users to start Zoom meetings as any user and overwrite arbitrary posts via...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00152
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/16 12:0 a.m. | 8 views

PT-2026-8333

Name of the Vulnerable Software and Affected Versions: pretix (affected versions not specified). Description: The software allows the use of placeholders in email templates that are populated with customer data. A flaw exists where specially crafted placeholder names, such as event.__init__.__code__.co...

CVSS: 9 | AI score: 5.5 | EPSS: 0.00258
Exploits: 0 | References: 8
Positive Technologies
added 2026/02/16 12:0 a.m. | 7 views

PT-2026-8360

Name of the Vulnerable Software and Affected Versions: SmarterTools SmarterMail versions prior to 9526. Description: SmarterTools SmarterMail is susceptible to a cross-site scripting (XSS) issue through MAPI requests. The issue allows for the injection of malicious scripts via crafted MAPI requests...

CVSS: 7.2 | AI score: 5 | EPSS: 0.00295
Exploits: 1 | References: 7
CNNVD
added 2026/02/16 12:0 a.m. | 5 views

SmarterTools SmarterMail Security Vulnerability

SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol (SMTP) authentication. Versions of SmarterTools SmarterMail prior to 9526 had security...

CVSS: 7.2 | AI score: 5.6 | EPSS: 0.00295
Exploits: 1 | References: 3
Positive Technologies
added 2026/02/16 12:0 a.m. | 6 views

PT-2026-8332

Name of the Vulnerable Software and Affected Versions: pretix (affected versions not specified). Description: The software allows the use of placeholders in email templates that are populated with customer data. A flaw exists where specially crafted placeholder names, such as event.__init__.__code__.co...

CVSS: 9 | AI score: 5.8 | EPSS: 0.00258
Exploits: 0 | References: 6
Positive Technologies
added 2026/02/16 12:0 a.m. | 2 views

PT-2026-20787

Name of the Vulnerable Software and Affected Versions: Ghost versions 3.24.0 through 6.19.0. Description: A blind SQL injection exists in the Content API of Ghost, a Node.js content management system. This flaw occurs because the application uses string concatenation instead of parameterized queries...

CVSS: 9.4 | AI score: 6.4 | EPSS: 0.69996
Exploits: 7 | References: 143
Positive Technologies
added 2026/02/16 12:0 a.m. | 11 views

PT-2026-8348

A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net handler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be use...

CVSS: 6.5 | AI score: 5.2 | EPSS: 0.00201
Exploits: 0 | References: 6
CNNVD
added 2026/02/16 12:0 a.m. | 6 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. There are security vulnerabilities in Mattermost versions 11.1.2 and earlier 11.1.x series, 10.11.9 and earlier 10.11.x series, 11.2.1 and earlier 11.2.x series, as well as in Mattermost Plugin Zoom...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00152
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/16 12:0 a.m. | 11 views

PT-2026-8341

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.11.0 through 10.11.9. Description: Mattermost versions 10.11.x up to and including 10.11.9 do not properly enforce invite permissions when team settings are updated. This allows team administrators lacking the necessary...

CVSS: 9.9 | AI score: 5.1 | EPSS: 0.27661
Exploits: 45 | References: 113
Tenable Nessus
added 2026/02/16 12:0 a.m. | 10 views

RHEL 8 : python-urllib3 (RHSA-2026:2728)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:2728 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS: 8.9 | AI score: 5.7 | EPSS: 0.0068
Exploits: 0 | References: 8
Tenable Nessus
added 2026/02/16 12:0 a.m. | 6 views

RHEL 8 : python-urllib3 (RHSA-2026:2723)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:2723 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS: 8.9 | AI score: 5.7 | EPSS: 0.0068
Exploits: 0 | References: 8
Tenable Nessus
added 2026/02/16 12:0 a.m. | 5 views

RHEL 8 : python-urllib3 (RHSA-2026:2718)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:2718 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS: 8.9 | AI score: 5.7 | EPSS: 0.0068
Exploits: 0 | References: 8
GithubExploit
added 2026/02/15 11:25 p.m. | 284 views

Exploit for Missing Authorization in Themepunch Slider_Revolution

CVE-2024-34444 - Slider Revolution Missing Authorization Scann...

CVSS: 8.8 | AI score: 5.5 | EPSS: 0.00331
Exploits: 1
EUVD
added 2026/02/15 1:58 p.m. | 5 views

EUVD-2019-19411

ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface index.html through search, user management, and API parameters. Attackers can inject scripts via parameters in /db/system/admin/aardvark/index.html to execute JavaScript i...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00165
Exploits: 0 | References: 3
RedhatCVE
added 2026/02/15 1:28 p.m. | 8 views

CVE-2026-1254

The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.13.6. This is due to the plugin not properly verifying that a user is authorized to modify specific posts before updating them via the REST API...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00177
Exploits: 0 | References: 1
EUVD
added 2026/02/15 2:22 a.m. | 7 views

EUVD-2026-5835

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.01157
Exploits: 0 | References: 4
RedhatCVE
added 2026/02/14 7:22 p.m. | 4 views

CVE-2026-26190

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.27661
Exploits: 1 | References: 1
RedhatCVE
added 2026/02/14 1:6 p.m. | 9 views

CVE-2026-22892

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.00239
Exploits: 0 | References: 1