Lucene search
K

6043 matches found

NVD
NVD
added 2026/02/14 5:15 p.m.7 views

CVE-2025-71220

In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbdsessionrpcclose on error path in createsmb2pipe When ksmbdiovpinrsp fails, we should call ksmbdsessionrpcclose...

7.8CVSS0.0013EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/02/14 5:15 p.m.4 views

CVE-2025-71220

In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbdsessionrpcclose on error path in createsmb2pipe When ksmbdiovpinrsp fails, we should call ksmbdsessionrpcclose...

7.8CVSS5.7AI score0.0013EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/02/14 4:27 p.m.27 views

CVE-2025-71220 smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe()

In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbdsessionrpcclose on error path in createsmb2pipe When ksmbdiovpinrsp fails, we should call ksmbdsessionrpcclose...

0.0013EPSS
Exploits0References6
OSV
OSV
added 2026/02/14 4:27 p.m.7 views

CVE-2025-71220 smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe()

In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbdsessionrpcclose on error path in createsmb2pipe When ksmbdiovpinrsp fails, we should call ksmbdsessionrpcclose...

7.8CVSS5.2AI score0.0013EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/02/14 3:9 p.m.25 views

CVE-2026-23126 netdevsim: fix a race issue related to the operation on bpf_bound_progs list

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpfboundprogs list The netdevsim driver lacks a protection mechanism for operations on the bpfboundprogs list. When the nsimbpfcreateprog performs listaddtail, it is possibl...

0.00086EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/14 1:6 p.m.9 views

CVE-2026-22892

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References1
Veracode
Veracode
added 2026/02/13 3:54 p.m.7 views

Cross-site Scripting (XSS)

SCEditor is vulnerable to Cross-site Scripting XSS. The vulnerability is due to lack of sanitization of user-controlled configuration options passed to sceditor.create, which allows an attacker to inject malicious scripts and execute arbitrary JavaScript in the application context...

5.4CVSS5.8AI score0.00216EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 12:31 p.m.9 views

Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/13 12:31 p.m.3 views

GHSA-9PJ7-JH2R-87G8 Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References3
NVD
NVD
added 2026/02/13 11:16 a.m.9 views

CVE-2026-22892

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS0.00239EPSS
Exploits0References1
OSV
OSV
added 2026/02/13 11:16 a.m.4 views

CVE-2026-22892

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS5.6AI score
Exploits0References1
CVE
CVE
added 2026/02/13 10:29 a.m.20 views

CVE-2026-22892

Mattermost versions 11.1.x up to 11.1.2, 10.11.x up to 10.11.9, and 11.2.x up to 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts. An authenticated attacker with access to the Jira plugin can read post content and attachments from channels they do not have ...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/13 10:29 a.m.4 views

CVE-2026-22892 Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/13 10:29 a.m.5 views

CVE-2026-22892

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/13 10:29 a.m.28 views

CVE-2026-22892 Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.8 views

PT-2026-7985

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.9 Mattermost versions 11.1.x through 11.1.2 Mattermost versions 11.2.x through 11.2.1 Description The software does not properly validate user permissions when creating Jira issues from Mattermost post...

9.9CVSS5.5AI score0.27661EPSS
Exploits45References119
Snyk
Snyk
added 2026/02/12 10:6 p.m.4 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the overrides.yoke.cd/flight annotation, which allows a user-supplied URL to be used directly by the controller without validation. An attacker can execute arbitrary code within the controller context by...

8.8CVSS6.2AI score0.004EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/12 10:6 p.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the overrides.yoke.cd/flight annotation, which allows a user-supplied URL to be used directly by the controller without validation. An attacker can execute arbitrary code within the controller context by...

8.8CVSS6.2AI score0.004EPSS
Exploits1References2
OSV
OSV
added 2026/02/12 10:6 p.m.4 views

GHSA-WJ8P-JJ64-H7FF Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC This vulnerability exists in the Air Traffic Controller ATC component of Yoke, a Kubernetes deployment tool. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller...

8.8CVSS6.9AI score0.004EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/12 9:11 p.m.2 views

CVE-2026-26056 Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

8.8CVSS6.1AI score0.004EPSS
Exploits1References1
Rows per page
Query Builder