Github Security Blog
added 2026/03/16 3:30 p.m. (3 views)

Mattermost fails to use consistent error responses when handling the /mute command

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command, which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...

CVSS 4.3 · AI score 5.8 · EPSS 0.00043
Exploits: 0 · References: 4 · Affected software: 2
ATTACKERKB
added 2026/03/16 2:51 p.m. (1 view)

CVE-2026-21386

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command, which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...

CVSS 4.3 · AI score 5.8 · EPSS 0.00043
Exploits: 0 · References: 2 · Affected software: 1
CNNVD
added 2026/03/16 12:00 a.m. (3 views)

Monitoring Access Control Error Vulnerability

Monitoring is an open-source component developed by CTFer.io for collecting and processing monitoring data. Versions of Monitoring prior to 0.2.1 contained an access control vulnerability caused by errors in how its network policies were written. This vulnerability could allow malicious attackers to...

CVSS 7.1 · AI score 6.4 · EPSS 0.00061
Exploits: 0 · References: 1
Tenable Nessus
added 2026/03/16 12:00 a.m. (1 view)

EulerOS 2.0 SP12 : golang (EulerOS-SA-2026-1394)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a respon...

CVSS 7.5 · AI score 5.9 · EPSS 0.00042
Exploits: 2 · References: 11
Tenable Nessus
added 2026/03/16 12:00 a.m. (2 views)

EulerOS 2.0 SP12 : golang (EulerOS-SA-2026-1363)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a respon...

CVSS 7.5 · AI score 5.9 · EPSS 0.00042
Exploits: 2 · References: 11
CNNVD
added 2026/03/16 12:00 a.m. (3 views)

PX4-Autopilot Security Vulnerability

PX4-Autopilot is an open-source drone autopilot system developed by PX4. Versions prior to PX4-Autopilot 1.17.0-rc2 contained security vulnerabilities. These vulnerabilities stemmed from logical errors in the FTP session verification of PX4 Autopilot's MAVLink implementation. As a result, unauthenticated attackers cou...

CVSS 6.5 · AI score 5.8 · EPSS 0.00104
Exploits: 1 · References: 1
Tenable Nessus
added 2026/03/16 12:00 a.m. (2 views)

EulerOS 2.0 SP11 : golang (EulerOS-SA-2026-1578)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. CVE-2025-58185: When Conn.Handshake fai...

CVSS 7.5 · AI score 5.9 · EPSS 0.00034
Exploits: 2 · References: 5
Tenable Nessus
added 2026/03/15 12:00 a.m. (3 views)

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: gimp (UTSA-2026-006174)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006174 advisory. A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricke...

CVSS 7.3 · AI score 5.7 · EPSS 0.00083
Exploits: 0 · References: 4
Tenable Nessus
added 2026/03/15 12:00 a.m. (2 views)

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis6 (UTSA-2026-006177)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006177 advisory. Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation...

CVSS 7.5 · AI score 7.4 · EPSS 0.00457
Exploits: 0 · References: 4
Tenable Nessus
added 2026/03/15 12:00 a.m. (1 view)

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: gimp (UTSA-2026-006179)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006179 advisory. A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can b...

CVSS 7.3 · AI score 5.9 · EPSS 0.00083
Exploits: 0 · References: 4
Veracode
added 2026/03/13 5:06 a.m. (3 views)

Improper File Handling

zx is vulnerable to Improper File Handling. The vulnerability is due to a logic error in the linkNodeModules and cleanup routines when using the --prefer-local option, which allows unintended deletion of an external /node_modules directory outside the current working directory...

CVSS 8.3 · AI score 5.8 · EPSS 0.00018
Exploits: 0 · References: 6 · Affected software: 1
Redos
added 2026/03/13 12:00 a.m. (1 view)

ROS-20260313-73-0005

A vulnerability in the pnfs_update_layout function of the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 4.7 · AI score 7.3 · EPSS 0.00051
Exploits: 0
Redos
added 2026/03/13 12:00 a.m. (5 views)

ROS-20260313-73-0041

A vulnerability in the l2cap_sock_resume_cb function of the Bluetooth component of the Linux operating system kernel is related to use-after-free errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 · AI score 7.3 · EPSS 0.00066
Exploits: 0
Redos
added 2026/03/13 12:00 a.m. (1 view)

ROS-20260313-73-0024

A vulnerability in the bitmap_get_stats function of the Linux operating system kernel is related to state management errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 · AI score 5.8 · EPSS 0.0007
Exploits: 0
RedHat Linux
added 2026/03/12 8:19 a.m. (1 view)

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component...

CVSS 10 · AI score 5.7 · EPSS 0.00029
Exploits: 0 · References: 6
CNNVD
added 2026/03/12 12:00 a.m. (3 views)

Backstage Input Validation Error Vulnerability

Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 0.27.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from an experimental OIDC provisioning...

CVSS 5.9 · AI score 5.8 · EPSS 0.00033
Exploits: 0 · References: 2
Github Security Blog
added 2026/03/11 7:23 p.m. (6 views)

Shopware has user enumeration via distinct error codes on Store API login endpoint

Summary: The Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer (CHECKOUT__CUSTOMER_AUTH_BAD_CREDENTIALS) or is unknown (CHECKOUT__CUSTOMER_NOT_FOUND). The "not found" response also echoes the...

CVSS 5.3 · AI score 5.8 · EPSS 0.00055
Exploits: 0 · References: 3 · Affected software: 2
SUSE CVE
added 2026/03/11 5:28 p.m. (0 views)

SUSE CVE-2025-14435

Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors, which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops...

CVSS 6.8 · AI score 5.8 · EPSS 0.00021
Exploits: 0 · References: 3
NVD
added 2026/03/11 5:16 p.m. (3 views)

CVE-2026-30235

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, this vulnerability occurs due to improper validation of OpenProject’s Markdown rendering, specifically in the hyperlink handling. This allows an attacker to inject malicious hyperlink payloads that perform DOM...

CVSS 6.5 · EPSS 0.00103
Exploits: 0 · References: 1
Tenable Nessus
added 2026/03/11 12:00 a.m. (3 views)

SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2026:0851-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0851-1 advisory. - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression (bsc#1258743). - CVE-2026-24484:...

CVSS 9.8 · AI score 6.1 · EPSS 0.00065
Exploits: 0 · References: 100