3491 matches found
CVE-2025-12756
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users...
GHSA-W756-RF26-7RMR FeehiCMS is vulnerable to reverse tabnabbing
Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function...
EUVD-2025-200002
Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function...
FeehiCMS is vulnerable to reverse tabnabbing
Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function...
CVE-2025-63522
Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function...
PT-2025-48453
Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function...
CVE-2025-63522
FeehiCMS 2.1.1 is affected in the Comments Management function by a Reverse Tabnabbing issue. Attacker-controlled or manipulated link behavior in target="_blank" could enable phishing or session-hijacking-type effects as described in connected sources. The vulnerability is rated CVSS v3.1 base sc...
FeehiCMS security vulnerability
FeehiCMS is a PHP-based CMS website builder by Liufee Personal Developer. A security vulnerability exists in FeehiCMS version 2.1.1, which originates from a reverse tag hijacking issue in the Comments Management function...
CVE-2025-63317
Todoist v8896 is affected by an XSS vulnerability in the /api/v1/uploads endpoint. Uploaded SVG files are not sanitized, allowing embedded JavaScript to execute when a user opens the attachment from a task or comment. The Red Hat and EU/NVD entries corroborate Todoist v8896 as vulnerable to SVG-b...
RLSA-2025:21255 Moderate: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230). For more details about the securi...
BIT-GITLAB-2025-6945 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...
CVE-2025-6945
GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...
EUVD-2025-197764
The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...
EUVD-2025-197691
GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...
UBUNTU-CVE-2025-6945
GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...