3304 matches found
PT-2025-54341
Name of the Vulnerable Software and Affected Versions Marco Milesi WP Attachments versions through 5.2 Description A missing authorization issue exists in Marco Milesi WP Attachments, stemming from incorrectly configured access control security levels. This allows for potential exploitation of th...
GO-2025-4261 Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea
Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea...
CVE-2025-14913
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'mediadeleteaction' function in all versions up to, and including, 1.2.6. This makes it possible for...
CVE-2025-68939
Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API...
CVE-2025-68939
Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API...
CVE-2025-14913
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'mediadeleteaction' function in all versions up to, and including, 1.2.6. This makes it possible for...
CVE-2025-14913
CVE-2025-14913 affects the Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin. It allows unauthenticated attackers to delete arbitrary attachments due to an incorrect authorization check in the media_delete_action function, affecting all versions up to 1.2.6. CVSS 3.1 base ...
CVE-2025-13767
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...
PT-2025-53417
Name of the Vulnerable Software and Affected Versions Frontend Post Submission Manager Lite WordPress Plugin versions through 1.2.6 Description The Frontend Post Submission Manager Lite WordPress Plugin is affected by a flaw that allows unauthorized data loss. An incorrect authorization check...
GHSA-FMQF-PMCM-8CX9 Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...
CVE-2025-13767
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...
CVE-2025-13767
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...
CVE-2025-13767
Mattermost Jira plugin vulnerability (CVE-2025-13767): versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x
EUVD-2025-205063
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...
CVE-2025-13767 Unauthorized Read Access to Private Channel Posts via Mattermost Jira Plugin
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...
WordPress Attachments Handler plugin <= 1.1.7 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Attachments Handler versions = 1.1.7...
PT-2025-52872
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.7 Mattermost versions 10.12.x through 10.12.3 Mattermost versions 11.0.x through 11.0.5 Mattermost versions 11.1.x through 11.1.0 Description The software does not properly validate user channel...
CVE-2025-67289
An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file...
CVE-2025-67289
An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file...
CVE-2025-67289
An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file...