Lucene search

3319 matches found

RedhatCVE
added 2025/02/05 1:25 a.m. · 6 views

CVE-2024-20401

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file...

CVSS 9.8 · AI score 7.7 · EPSS 0.07664
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/30 12:00 a.m. · 2 views

PT-2025-5647 · Openmrs · Openmrs Platform +5

Name of the Vulnerable Software and Affected Versions: OpenMRS Platform versions prior to 2.6.11; OpenMRS Platform version 2.5 and earlier, except for version 2.5.14 and later; Legacy UI OMOD versions prior to 1.21.0; ID Gen OMOD versions prior to 4.14.0; Address Hierarchy OMOD versions prior to 2.19...

AI score 7.2
Exploits: 0 · References: 3
SUSE CVE
added 2025/01/29 3:48 a.m. · 1 view

SUSE CVE-2025-20621

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel...

CVSS 7.5 · AI score 6.9 · EPSS 0.0039
Exploits: 0 · References: 3
SUSE CVE
added 2025/01/29 3:48 a.m. · 1 view

SUSE CVE-2025-21088

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input...

CVSS 6.5 · AI score 7 · EPSS 0.00177
Exploits: 0 · References: 3
Atlassian
added 2025/01/22 12:12 p.m. · 16 views

Able to attach restricted files to Jira issues from Email

Issue Summary: From 9.15, admins can now restrict unwanted file extensions from being uploaded through issues. However, the restriction does not work when the attachment is sent via email. The files with restricted extensions are being uploaded to Jira issues. Reference: Restrict unwanted file...

AI score 7
Exploits: 0 · Affected Software: 1
Hacker One
added 2025/01/20 4:46 p.m. · 1123 views

U.S. Dept Of Defense: Applicant security exam Attachments/Documents accessible through an IDOR/BAC on the custom Apex controller on https://█████.mil

The applicant security exam contained an Insecure Direct Object Reference IDOR vulnerability on the custom Apex controller on the https://█████.mil portal. The vulnerability allowed an attacker to switch the ownership of any Attachment record and access the files, which contained sensitive...

AI score 6.7
Exploits: 0
OSV
added 2025/01/16 6:15 p.m. · 2 views

CVE-2025-20072

Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input...

CVSS 7.5 · AI score 6.9
Exploits: 0 · References: 1
Cvelist
added 2025/01/16 5:51 p.m. · 8 views

CVE-2025-20072 Mobile crash via improper validation of proto style in attachments

Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input...

CVSS 6.5 · EPSS 0.00231
Exploits: 0 · References: 1
Vulnrichment
added 2025/01/16 5:51 p.m. · 4 views

CVE-2025-20072 Mobile crash via improper validation of proto style in attachments

Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input...

CVSS 6.5 · AI score 6.8 · EPSS 0.00231
Exploits: 0 · References: 1
The Hacker News
added 2025/01/16 11:15 a.m. · 20 views

Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer

Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers hid malicious code in images they uploaded to archive.org, a file-hosting website, and used the same...

CVSS 7.8 · AI score 8.1 · EPSS 0.94354
Exploits: 33
CNNVD
added 2025/01/16 12:00 a.m. · 1 view

Mattermost Mobile Apps Security Vulnerability

Mattermost Mobile is a mobile application project, developed using the React Native framework, designed to provide a cross-platform iOS and Android client for Mattermost. Mattermost Mobile suffers from a denial of service vulnerability that stems from an inability to properly validate the proto...

CVSS 7.5 · AI score 6.6 · EPSS 0.00231
Exploits: 0 · References: 1
CNNVD
added 2025/01/16 12:00 a.m. · 1 view

Mattermost Mobile Apps Security Vulnerability

Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps version 2.22.0 that stems from an inability to properly handle posts with attachments, allowing an attacker to cause a mobile device to crash by creating such a...

CVSS 7.5 · AI score 6.5 · EPSS 0.0022
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/16 12:00 a.m. · 2 views

PT-2025-4149 · Mattermost · Mattermost Mobile

Name of the Vulnerable Software and Affected Versions: Mattermost Mobile versions <= 2.22.0. Description: The issue arises from the improper handling of posts with attachments that contain fields which cannot be converted to a string. This allows an attacker to cause the mobile application to crash ...

CVSS 6.5 · AI score 7.1 · EPSS 0.0022
Exploits: 0 · References: 5
CNNVD
added 2025/01/16 12:00 a.m. · 1 view

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A denial of service vulnerability exists in Mattermost. The vulnerability stems from a failure to properly handle attachments that contain string fields. An attacker could exploit the vulnerability to...

CVSS 7.5 · AI score 6.6 · EPSS 0.0039
Exploits: 0 · References: 1
OSV
added 2025/01/15 4:15 p.m. · 1 view

CVE-2025-21088

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input...

CVSS 6.5 · AI score 6.9
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/14 12:00 a.m. · 2 views

PT-2025-1103 · Microsoft · Windows App Package Installer +1

Name of the Vulnerable Software and Affected Versions: Windows App Package Installer, affected versions not specified. Description: The issue is related to weaknesses in the authorization procedure of the Windows App Package Installer, allowing an attacker to elevate their privileges. This can be...

CVSS 7.8 · AI score 9.5 · EPSS 0.00118
Exploits: 0 · References: 13
Positive Technologies
added 2025/01/14 12:00 a.m. · 6 views

PT-2025-1193

Name of the Vulnerable Software and Affected Versions: Microsoft Outlook versions prior to the fixed version. Description: The vulnerability is a zero-click remote code execution (RCE) flaw in Microsoft Outlook, caused by a memory corruption issue in the UtOlePresStmToContentsStm function of the...

CVSS 10 · AI score 9.2 · EPSS 0.78957
Exploits: 6 · References: 151
OSV
added 2025/01/08 9:15 a.m. · 1 view

CVE-2024-12855

The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sbremovead' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 2
Positive Technologies
added 2025/01/01 12:00 a.m. · 2 views

PT-2025-54918

Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.4.3. Description: Dovecot includes a script for converting attachments to text that improperly handles zip-style attachments. An attacker could leverage specially crafted OOXML documents to cause unintended files on t...

CVSS 7.7 · AI score 5.9 · EPSS 0.0009
Exploits: 7 · References: 31
OSV
added 2024/12/03 6:15 p.m. · 1 view

CVE-2024-25020

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 1