Mattermost Server 10.11.x <= 10.11.13 / 11.3.x < 11.3.3 / 11.4.x < 11.4.3 / 11.5.x < 11.5.1 / 11.6.0 Multiple Vulnerabilities (MMSA-2026-00624 / MMSA-2026-00625)
The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities: - Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker wit...
CVE-2025-68644
Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances...
EUVD-2022-0124
Malicious code in bioql PyPI...
PT-2025-26188 · Cryptpad · Cryptpad
Name of the Vulnerable Software and Affected Versions: CryptPad versions prior to 2025.3.0 Description: The issue concerns a weak implementation of access controls in CryptPad, allowing an attacker who compromises a user's credentials to gain access to the victim's account, even if the victim has...
PT-2025-23266 · Zitadel · Zitadel
Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 2.70.12; Zitadel versions prior to 2.71.10; Zitadel versions prior to 3.2.2 Description: Zitadel is open-source identity infrastructure software. A potential issue exists in the password reset mechanism, where ZITADEL...
ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection
Impact A potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user. If an...
PT-2025-20377 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.1.0 through 2.3.0; Checkmk version 2.4.0b6 and earlier Description: The issue allows files deployed with agents to be accessible without authentication. This could enable an attacker to access files that may contain...
PT-2023-3809 · Sonicwall · Sonicwall Gms +1
Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier; SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue is related to the use of a password hash instead of the actual password for authentication, allowing for Pass-the-Hash...
SUSE CVE-2021-27927
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init method. An...
PT-2023-16166 · Unknown · Thorsten/Phpmyfaq
Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.10 Description: The issue concerns improper authentication in the thorsten/phpmyfaq GitHub repository. Recommendations: For versions prior to 3.1.10, update to version 3.1.10 or later to resolve the iss...
CVE-2021-37604
In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame counter values by...
DEBIAN-CVE-2021-27927
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init method. An...
Zabbix SIA Zabbix Cross-Site Request Forgery Vulnerability
Zabbix is an open source monitoring system from the Latvian company Zabbix SIA. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. Zabbix has a cross-site request forgery vulnerability that stems from the lack of a CSRF...
PT-2021-7704 · Zabbix +3 · Zabbix +3
Name of the Vulnerable Software and Affected Versions: Zabbix versions 4.0.x through 4.0.28rc1; Zabbix versions 5.0.0alpha1 through 5.0.10rc1; Zabbix versions 5.2.x through 5.2.6rc1; Zabbix versions 5.4.0alpha1 through 5.4.0beta2 Description: The issue is related to a lack of CSRF protection mechani...
Debian DLA-1180-1 : libspring-ldap-java security update
Tobias Schneider discovered that Spring-LDAP would allow authentication with an arbitrary password when the username is correct, no additional attributes are bound and when using LDAP BindAuthenticator with DefaultTlsDirContextAuthenticationStrategy as the authentication strategy and setting...
MS16-137: Description of the security update for Windows authentication methods: November 8, 2016
Summary This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege. To exploit this vulnerability, the attacker woul...