Mattermost Server 10.11.x < 10.11.15 / 11.4.x < 11.4.5 / 11.5.x < 11.5.4 / 11.6.x < 11.6.1 Path Traversal (MMSA-2026-00640)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00640 advisory. - Mattermost Server fails to check the integration URL for path traversal which allows a malicious authenticated user to call an arbitrary API via a system...

CVE-2026-4858

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an arbitrary API via system admin Mattermost auth token using via path traversal in integration action...

CVE-2026-4858

Mattermost CVE-2026-4858 affects versions 11.6.x, 11.5.x, 11.4.x and 10.11.x where the integration action URL does not properly validate path traversal. This allows a malicious authenticated user to call an arbitrary API using the system admin Mattermost token by exploiting the path traversal in ...

PT-2026-42439

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an arbitrary API via system admin Mattermost auth token using via path traversal in integration action...

CVE-2022-50908

Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation...

CVE-2022-50908

MailHog 1.0.1 is affected by a stored XSS vulnerability in attachments that allows execution of arbitrary API calls (e.g., message deletion, browser manipulation) when a crafted email is processed. Technical details from multiple sources indicate the issue stems from improper handling of attachme...

MailHog 跨站脚本漏洞

MailHog is MailHog open source a SMTP protocol testing tool . Mailhog version 1.0.1 suffers from a cross-site scripting vulnerability that stems from stored cross-site scripting , which could lead to an attacker injecting malicious scripts and executing arbitrary API calls via email attachments...

Cross-Site Request Forgery (CSRF)

Liferay Portal is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper validation of requests in the Headless API endpoint parameter, which allows a remote attacker to execute arbitrary Headless API calls by crafting a malicious request...

EUVD-2005-1410

Malware in sbrugna...

EUVD-2012-4430

Malware in sbrugna...

EUVD-2025-7106

Malicious code in bioql PyPI...

EUVD-2024-46417

Malicious code in bioql PyPI...

CVE-2022-45636

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock models without authorization via arbitrary API requests...

CVE-2021-45467

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1= .%00./.%00./api/accountnewcreate=guadaapi URI. Any number of %00 instances can...

CVE-2012-4501

Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs...

CVE-2024-10481

A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...

CVE-2024-10481

A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...

CVE-2024-10481

A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...

CVE-2024-10481

CVE-2024-10481 is a CSRF vulnerability in comfyanonymous/comfyui

CVE-2024-10481 Cross-Site Request Forgery (CSRF) in comfyanonymous/comfyui

A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...