85 matches found

Snyk
added 2026/05/18 11:47 a.m.

Incorrect Authorization

Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to Incorrect Authorization via the command update API. An attacker can impersonate existing system or custom commands by editing their own slash...

CVSS 5.3 | AI score 5.8 | EPSS 0.00031
Exploits 0 | References 2
Snyk
added 2026/05/18 11:47 a.m.

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the command update API. An attacker can impersonate existing system or custom commands by editing their own slash command trigger to match an already-registered trigger, potentially hijacking command...

CVSS 5.3 | AI score 5.8 | EPSS 0.00031
Exploits 0 | References 2
Github Security Blog
added 2026/05/18 9:31 a.m.

Mattermost doesn't enforce slash command trigger-word uniqueness during command updates

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to enforce slash command trigger-word uniqueness during command updates, which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash...

CVSS 4.3 | AI score 5.8 | EPSS 0.00031
Exploits 0 | References 4 | Affected Software 2
CVE
added 2026/05/18 8:35 a.m.

CVE-2026-28732

Mattermost fixes are for versions 11.5.x (up to 11.5.1), 10.11.x (up to 10.11.13), and 11.4.x (up to 11.4.3). The issue is a failure to enforce slash command trigger-word uniqueness during command updates, allowing an authenticated team member with Manage Own Slash Commands permission to hijack o...

CVSS 4.3 | AI score 5.8 | EPSS 0.00031
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2026/05/18 12:00 a.m.

PT-2026-41649

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to enforce slash command trigger-word uniqueness during command updates, which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash...

CVSS 4.3 | AI score 5.8 | EPSS 0.00031
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2021-22897

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.00019
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2019-13384

Malware in sbrugna...

CVSS 5.6 | AI score 5.7 | EPSS 0.00049
Exploits 0 | References 2
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2022-37414

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.6 | EPSS 0.0003
Exploits 0 | References 1
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2023-27784

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 7 | EPSS 0.00054
Exploits 0 | References 1
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2023-31790

Malicious code in bioql PyPI...

CVSS 7.3 | AI score 7.5 | EPSS 0.00069
Exploits 0 | References 1
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2022-37337

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.7 | EPSS 0.0005
Exploits 0 | References 1
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2023-31796

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 7 | EPSS 0.00054
Exploits 0 | References 1
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2024-26024

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.6 | EPSS 0.00219
Exploits 0 | References 1
Rosalinux
added 2025/08/06 8:30 a.m.

Advisory ROSA-SA-2025-2939

Software: openvpn 2.5.8; OS: ROSA-CHROME; unaffected versions >= openvpn-2.5.8-2; affected versions < openvpn-2.5.8-2; CVE-ID: CVE-2024-4877; BDU-ID: 2025-03850; CVE-Crit: MEDIUM; CVE-DESC.: An Interactive Service (iservice) vulnerability in the OpenVPN GUI client of the OpenVPN software is related to access...

CVSS 8.8 | AI score 6.3 | EPSS 0.0022
Exploits 0
Tenable Nessus
added 2025/07/24 12:00 a.m.

Dell Command | Update and Dell Update < 5.4 DoS

The version of Dell Command | Update or Dell Update on the remote Windows host is prior to 5.4. It is, therefore, affected by a denial of service vulnerability: Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function...

CVSS 7.5 | AI score 5.7 | EPSS 0.00219
Exploits 0 | References 2
Rockylinux
added 2025/05/07 7:13 p.m.

crash-trace-command bug fix and enhancement update

An update is available for crash-trace-command. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rock...

AI score 6.8
Exploits 0
Rosalinux
added 2025/04/11 9:55 p.m.

Advisory ROSA-SA-2025-2831

Software: grafana 7.5.15; OS: ROSA Virtualization 3.0; package_evr_string: grafana-7.5.15-5.rv30; CVE-ID: CVE-2023-44487; BDU-ID: 2023-06559; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already...

CVSS 7.5 | AI score 8.5 | EPSS 0.944
Exploits 19
Rosalinux
added 2025/04/11 9:49 p.m.

Advisory ROSA-SA-2025-2793

Software: bubblewrap 0.4.0; OS: ROSA Virtualization 3.0; package_evr_string: bubblewrap-0.4.0-2.rv30; CVE-ID: CVE-2024-42472; BDU-ID: 2024-06671; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the Flatpak application and environment management tool is related to improper neutralization of special output...

CVSS 10 | AI score 9.5 | EPSS 0.06541
Exploits 1
Rosalinux
added 2025/03/17 9:44 p.m.

Advisory ROSA-SA-2025-2775

Software: c-ares 1.13.0; OS: ROSA Virtualization 2.1; package_evr_string: c-ares-1.13.0-11.rv3; CVE-ID: CVE-2020-22217; BDU-ID: 2023-05898; CVE-Crit: CRITICAL; CVE-DESC.: A vulnerability in the ares_parse_soa_reply function of the c-ares asynchronous DNS query library is related to an operation exceeding...

CVSS 6.4 | AI score 7.6 | EPSS 0.00115
Exploits 1