
3319 matches found

Positive Technologies
added 2025/08/22 12:0 a.m. · 3 views

PT-2025-34314

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132; Liferay DXP versions 2025.Q1.0 through 2025.Q1.4; Liferay DXP versions 2024.Q4.0 through 2024.Q4.7; Liferay DXP versions 2024.Q3.1 through 2024.Q3.13; Liferay DXP versions 2024.Q2.0 through...

CVSS 6.5 · AI score 6.5 · EPSS 0.0011
Exploits: 0 · References: 14
NVD
added 2025/08/21 8:15 p.m. · 4 views

CVE-2010-20119

CommuniCrypt Mail versions up to and including 1.16 contain a stack-based buffer overflow vulnerability in its ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically within the AddAttachments method. This method fails to properly validate the length of input strings, allowing data to exceed th...

CVSS 8.6 · EPSS 0.52327
Exploits: 0 · References: 6
OSV
added 2025/08/20 1:15 p.m. · 3 views

CVE-2025-43750

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows remote unauthenticated users (guests) to upload files via th...

CVSS 6.5 · AI score 5.8 · EPSS 0.00103
Exploits: 0 · References: 1
Positive Technologies
added 2025/08/20 12:0 a.m. · 3 views

PT-2025-34041

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132; Liferay DXP versions 2025.Q1.0 through 2025.Q1.1; Liferay DXP versions 2024.Q4.0 through 2024.Q4.7; Liferay DXP versions 2024.Q3.1 through 2024.Q3.13; Liferay DXP versions 2024.Q2.0 through...

CVSS 6.5 · AI score 6.8 · EPSS 0.00103
Exploits: 0 · References: 12
Positive Technologies
added 2025/08/19 12:0 a.m. · 4 views

PT-2025-33826 · Mozilla · Firefox for iOS

Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 142. Description: Firefox for iOS did not correctly handle the Content-Disposition header of type Attachment, resulting in content being displayed inline instead of being downloaded. This behavior could...

CVSS 6.1 · AI score 5.8 · EPSS 0.00047
Exploits: 0 · References: 6
Positive Technologies
added 2025/08/08 12:0 a.m. · 2 views

PT-2025-107: Insufficient authorization in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to bypass access-control checks, gaining information or functionality beyond the user's granted privileges. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation:...

CVSS 8.6 · AI score 5.8
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/08 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2016-6188

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment,...

CVSS 6.8 · AI score 6.5 · EPSS 0.01516
Exploits: 0 · References: 2
SUSE CVE
added 2025/08/04 11:25 p.m. · 2 views

SUSE CVE-2025-4981

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequence...

CVSS 9.9 · AI score 8.1 · EPSS 0.0169
Exploits: 0 · References: 2
CNVD
added 2025/07/28 12:0 a.m. · 3 views

Freescout Helper::decrypt() function deserialization vulnerability

FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. Freescout suffers from a deserialization vulnerability that stems from an application that...

CVSS 8.8 · AI score 7.3 · EPSS 0.06597
Exploits: 1 · References: 1
CNNVD
added 2025/07/26 12:0 a.m. · 1 views

FreeScout code issue vulnerability

FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. Freescout suffers from a deserialization vulnerability that stems from an application that...

CVSS 8.8 · AI score 7.2 · EPSS 0.06597
Exploits: 1 · References: 3
Tenable Nessus
added 2025/07/24 12:0 a.m. · 3 views

Mattermost Server 9.11.x < 9.11.17 / 10.5.x < 10.5.7 / 10.7.x < 10.7.4 / 10.8.x < 10.8.2 (MMSA-2025-00494)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00494 advisory. - Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import...

CVSS 6.8 · AI score 5.7 · EPSS 0.00398
Exploits: 0 · References: 2
OSV
added 2025/07/22 5:15 p.m. · 1 views

CVE-2025-6741

Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature. This issue affects the following versions: Devolutions Server 2025.2.2.0 through 2025.2.4.0; Devolutions Server...

CVSS 7.1 · AI score 5.8
Exploits: 0 · References: 1
Github Security Blog
added 2025/07/18 12:30 p.m. · 6 views

Mattermost Path Traversal vulnerability

Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal...

CVSS 6.8 · AI score 7 · EPSS 0.00398
Exploits: 0 · References: 4 · Affected Software: 2
OSV
added 2025/07/18 12:30 p.m. · 3 views

GHSA-WVW2-3JH4-4C39 Mattermost Path Traversal vulnerability

Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal...

CVSS 6.8 · AI score 6.2 · EPSS 0.00398
Exploits: 0 · References: 4
Hacker One
added 2025/07/18 11:1 a.m. · 5 views

U.S. Dept Of Defense: Unauthenticated Users Can Access Other Users’ Bug Report Attachments via Broken Access Control

A vulnerability was discovered where unauthenticated users could access other users' bug report attachments due to a lack of proper access control. The /BugReport/Admin/Attachment/id endpoint exposed attachments linked to private bug reports, and the numeric ID in the URL could be manipulated to...

AI score 6.7
Exploits: 0
OSV
added 2025/07/17 11:3 a.m. · 3 views

CLSA-2025-1752750189 emacs: Fix of CVE-2024-30204

CVE-2024-30204: disable LaTeX preview for e-mail attachments to protection when untrusted-content is non-nil...

CVSS 2.8 · AI score 6.4 · EPSS 0.00017
Exploits: 0 · References: 1
OSSF Malicious Packages
added 2025/07/14 1:28 p.m. · 2 views

Malicious code in ngf-attachments-list (npm)

The package communicates with a domain associated with malicious activity.

AI score 6.9
Exploits: 0
OSV
added 2025/07/14 1:28 p.m. · 1 views

MAL-2025-6106 Malicious code in ngf-attachments-list (npm)

The package communicates with a domain associated with malicious activity.

AI score 7.1
Exploits: 0
Snyk
added 2025/07/02 3:42 p.m. · 2 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the API endpoints responsible for updating and deleting inventory item attachments. An attacker can access or modify attachments belonging to other users by sending crafted requests as an authenticated user...

CVSS 5.4 · AI score 6.9 · EPSS 0.00237
Exploits: 0 · References: 2
Snyk
added 2025/07/02 3:42 p.m. · 1 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the API endpoints responsible for updating and deleting inventory item attachments. An attacker can access or modify attachments belonging to other users by sending crafted requests as an authenticated user...

CVSS 5.4 · AI score 6.9 · EPSS 0.00237
Exploits: 0 · References: 2