18073 matches found
CVE-2026-48849
creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:42+00:00| seen| https://t.me/GithubRedTeam/88901 2026-07-14 00:00:41+00:00| seen| https://t.me/GithubRedTeam/88901...
CVE-2026-11784
creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:23+00:00| seen| https://t.me/GithubRedTeam/89640 2026-07-14 00:00:38+00:00| seen| https://t.me/GithubRedTeam/89640...
CVE-2020-8636
creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:19+00:00| seen| https://t.me/GithubRedTeam/90443 2026-07-14 00:00:36+00:00| seen| https://t.me/GithubRedTeam/90443...
CVE-2026-25194
creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:07+00:00| seen| https://t.me/GithubRedTeam/92513 2026-07-14 00:00:17+00:00| seen| https://t.me/GithubRedTeam/92513...
CVE-2026-9824
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to check the managesharedchannels permission in the /share-channel autocomplete handler, which allows an authenticated user without that permission to enumerate configured remote cluster connection metadata via slash...
EUVD-2026-43308
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via...
EUVD-2026-43307
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing...
EUVD-2026-43312
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in th...
CVE-2026-10106
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in th...
CVE-2026-10106
Mattermost vulnerable versions: 11.7.x ≤ 11.7.2, 11.6.x ≤ 11.6.4, and 10.11.x ≤ 10.11.19. The issue stems from failing to verify that the channel referenced in an action cookie matches the target post’s channel, enabling an authenticated user without access to a private channel to trigger interac...
CVE-2026-10106 Unauthorized users can trigger interactive post actions in private channels via action cookie channel mismatch in Mattermost
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in th...
CVE-2026-10085
Mattermost is affected in versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, and 10.11.x
gimp: gimp: Heap buffer overflow in read_channel_data()
A flaw was found in GIMP's Paint Shop Pro PSP file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service DoS by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the...
CVE-2019-0825
creationtimestamp| type| source ---|---|--- 2026-07-12 22:00:14+00:00| seen| https://t.me/securixykz/495 2026-07-13 00:00:38+00:00| seen| https://t.me/securixykz/495 2026-07-14 00:00:54+00:00| seen| https://t.me/securixykz/495...
CVE-2024-21007
creationtimestamp| type| source ---|---|--- 2026-07-12 22:00:11+00:00| seen| https://t.me/securixykz/912 2026-07-13 00:00:35+00:00| seen| https://t.me/securixykz/912 2026-07-14 00:00:58+00:00| seen| https://t.me/securixykz/912...
GHSA-R389-865G-HCG3
creationtimestamp| type| source ---|---|--- 2026-07-12 22:00:09+00:00| seen| https://t.me/securixykz/1030 2026-07-13 00:00:34+00:00| seen| https://t.me/securixykz/1030 2026-07-14 00:01:00+00:00| seen| https://t.me/securixykz/1030...
GHSA-FH4V-V779-4G2W
creationtimestamp| type| source ---|---|--- 2026-07-12 22:00:09+00:00| seen| https://t.me/securixykz/1104 2026-07-13 00:00:33+00:00| seen| https://t.me/securixykz/1104 2026-07-14 00:01:01+00:00| published-proof-of-concept| https://t.me/securixykz/1104...
CVE-2026-56240
Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the planvalid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path planvalid expression and the...
EUVD-2026-43169
Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the planvalid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path planvalid expression and the...
CVE-2026-57218
RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.updatesecret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after...