
99 matches found

Cvelist
added 2026/04/06 12:6 p.m. | 25 views

CVE-2026-3524 Authorization Bypass in Mattermost Legal Hold Plugin Due to Missing Return After Permission Check

Mattermost Plugin Legal Hold versions =1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID:...

CVSS 8.8 | EPSS 0.00018
Exploits 0 | References 1
The Hacker News
added 2026/03/13 5:9 p.m. | 8 views

Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026

Meta has announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026. "If you have chats that are impacted by this change, you will see instructions on how you can download any media or messages you may want to keep," the social media giant said ...

AI score 5.9
Exploits 0
CNNVD
added 2026/01/06 12:0 a.m. | 1 views

Nanjing Hanyuan HY511 POE Security Vulnerability

Nanjing Hanyuan HY511 POE is an embedded smart display panel from Nanjing Hanyuan, China. A security vulnerability exists in Nanjing Hanyuan HY511 POE versions prior to 2.1 and plugins prior to 0.1, which stems from insufficient device cookie validation, and could lead to an attacker downloading...

CVSS 9.8 | AI score 6.6 | EPSS 0.00093
Exploits 1 | References 3
RedhatCVE
added 2025/12/12 5:13 p.m. | 1 views

CVE-2025-14521

A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument filename leads to path traversal. The attack may be performed fro...

CVSS 7.5 | AI score 6.1 | EPSS 0.0014
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-17391

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.01137
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0283

Malware in sbrugna...

CVSS 8.1 | AI score 8 | EPSS 0.00163
Exploits 0 | References 5
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-8206

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.00159
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-27412

Malware in sbrugna...

CVSS 9.9 | AI score 9.2 | EPSS 0.0079
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-29082

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.6 | EPSS 0.00073
Exploits 1 | References 2
RedhatCVE
added 2025/09/11 2:9 a.m. | 6 views

CVE-2025-42911

SAP NetWeaver Service Data Download allows an authenticated user to call a remote-enabled function module, which could grant access to information about the SAP system and operating system. This leads to a low impact on confidentiality, with no effect on the integrity and availability of the...

CVSS 5 | AI score 6.2 | EPSS 0.00051
Exploits 0 | References 1
NVD
added 2025/09/09 2:15 a.m. | 1 views

CVE-2025-42911

SAP NetWeaver Service Data Download allows an authenticated user to call a remote-enabled function module, which could grant access to information about the SAP system and operating system. This leads to a low impact on confidentiality, with no effect on the integrity and availability of the...

CVSS 5 | EPSS 0.00051
Exploits 0 | References 2
Vulnrichment
added 2025/09/09 2:5 a.m. | 1 views

CVE-2025-42911 Missing Authorization check in SAP NetWeaver (Service Data Download)

SAP NetWeaver Service Data Download allows an authenticated user to call a remote-enabled function module, which could grant access to information about the SAP system and operating system. This leads to a low impact on confidentiality, with no effect on the integrity and availability of the...

CVSS 5 | AI score 5.8 | EPSS 0.00051
Exploits 0 | References 2
CVE
added 2025/09/09 2:5 a.m. | 11 views

CVE-2025-42911

CVE-2025-42911 affects SAP NetWeaver (Service Data Download). An authenticated user can call a remote-enabled function module, potentially exposing information about the SAP system and operating system. The impact is described as low confidentiality impact, with no stated effects on integrity or ...

CVSS 5 | AI score 5.8 | EPSS 0.00051
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2025/09/09 2:5 a.m. | 2 views

CVE-2025-42911 Missing Authorization check in SAP NetWeaver (Service Data Download)

SAP NetWeaver Service Data Download allows an authenticated user to call a remote-enabled function module, which could grant access to information about the SAP system and operating system. This leads to a low impact on confidentiality, with no effect on the integrity and availability of the...

CVSS 5 | EPSS 0.00051
Exploits 0 | References 2
RedhatCVE
added 2025/08/08 12:29 a.m. | 4 views

CVE-2025-30127

An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings containing sensitive routes, conversations, and footage are open for downloading by creating a socket to command port 7777, and then...

CVSS 9.8 | AI score 6.4 | EPSS 0.00443
Exploits 0 | References 1
CNNVD
added 2025/07/04 12:0 a.m. | 1 views

WordPress plugin Booking X Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.5 | AI score 6.4 | EPSS 0.0038
Exploits 0 | References 4
RedhatCVE
added 2025/05/23 2:2 a.m. | 2 views

CVE-2023-33054

Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data...

CVSS 9.1 | AI score 7 | EPSS 0.0013
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 11:52 p.m. | 4 views

CVE-2022-41799

Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users...

CVSS 6.5 | AI score 6.5 | EPSS 0.00207
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 9:51 p.m. | 3 views

CVE-2022-47075

An issue was discovered in Smart Office Web 20.28 and earlier that allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx...

CVSS 7.5 | AI score 6.4 | EPSS 0.92051
Exploits 4 | References 1
RedhatCVE
added 2025/05/22 8:44 p.m. | 0 views

CVE-2021-39231

In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...

CVSS 9.1 | AI score 7.2 | EPSS 0.01238
Exploits 0 | References 1