Lucene search

33 matches found

Chainguard
added 3 days ago · 5 views

CVE-2008-5352 vulnerabilities

Vulnerabilities for packages: openjdk-11-openj9, openjdk-25-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-17-openj9, openjdk-8-openj9...

9.3 CVSS · 7.1 AI score · 0.085 EPSS
Exploits: 1

EUVD
added 2026/05/22 10:28 a.m. · 6 views

EUVD-2026-31431

Mattermost versions 11.6.x ≤ 11.6.0, 11.5.x ≤ 11.5.3, 11.4.x ≤ 11.4.4, 10.11.x ≤ 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to crash the server via timing the creation of persistent notification message between the server deleting...

6.5 CVSS · 5.8 AI score · 0.00042 EPSS
Exploits: 0 · References: 1

AstraLinux
added 2026/05/20 5:53 a.m. · 10 views

Astra Linux - vulnerability in tomcat9

When responding to new H2C connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, and 8.5.0 to 8.5.61 may duplicate request headers and a limited amount of request body from one request to another. This means that user A and user B may both see the results of user A’...

7.5 CVSS · 6.8 AI score · 0.02775 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2026/04/01 10:50 p.m. · 1 view

CVE-2025-36375 IBM DataPower Gateway vulnerable to CSRF

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...

6.5 CVSS · 5.8 AI score · 0.00006 EPSS
Exploits: 0 · References: 1

OSV
added 2026/03/23 6:14 p.m. · 3 views

GO-2026-4732 Mattermost allows attackers to spoof permalink embeds in github.com/mattermost/mattermost-server

Mattermost allows attackers to spoof permalink embeds in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

4.3 CVSS · 5.8 AI score · 0.00023 EPSS
Exploits: 0 · References: 4

CNNVD
added 2026/03/10 12:00 a.m. · 3 views

WWBN AVideo security vulnerability

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 25.0 contained security vulnerabilities. These vulnerabilities stemmed from the /objects/playlistsFromUser.json.php endpoint, which returned playlists for all users without...

6.9 CVSS · 5.8 AI score · 0.00118 EPSS
Exploits: 1 · References: 3

EUVD
added 2026/01/31 12:30 a.m. · 3 views

EUVD-2025-206566

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled...

5.3 CVSS · 5.9 AI score · 0.00034 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2026/01/20 12:00 a.m. · 3 views

PT-2026-3714

Name of the Vulnerable Software and Affected Versions: Oracle Hospitality OPERA 5 versions 5.6.19.23 through 5.6.27.4 Description: An easily exploitable issue exists in the Oracle Hospitality OPERA 5 product, specifically within the Opera Servlet component. An unauthenticated attacker with network...

8.6 CVSS · 7.3 AI score · 0.00088 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2025/10/22 12:00 a.m. · 2 views

PT-2025-43183

Name of the Vulnerable Software and Affected Versions: Icegram Icegram Express Pro versions through 5.9.5 Description: A Server-Side Request Forgery (SSRF) issue exists in Icegram Icegram Express Pro email-subscribers-premium. This allows for Server Side Request Forgery. Recommendations: Update Icegra...

4.4 CVSS · 6.6 AI score · 0.00024 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2025/08/23 8:09 a.m. · 4 views

CVE-2025-53971

Mattermost versions 10.5.x ≤ 10.5.8, 9.11.x ≤ 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint...

3.8 CVSS · 7.2 AI score · 0.00063 EPSS
Exploits: 0 · References: 1

CVE
added 2025/08/22 2:54 p.m. · 18 views

CVE-2025-33120

IBM QRadar SIEM versions 7.5 through 7.5.0 UP13 are affected by a local privilege escalation due to a misconfigured cronjob that runs with unnecessary privileges. The vulnerability (CWE-250) allows an authenticated user to escalate privileges because the cronjob is executed with elevated rights. ...

7.8 CVSS · 6.6 AI score · 0.0002 EPSS
Exploits: 0 · References: 1 · Affected Software: 2

CVE
added 2025/08/21 7:31 a.m. · 40 views

CVE-2025-53971

Mattermost Server vulnerability CVE-2025-53971 affects versions 10.5.x ≤ 10.5.8 and 9.11.x ≤ 9.11.17. The issue arises from improper authorization validation for team scheme role modifications, allowing Team Admins to demote Team Members to Guests via PUT /api/v4/teams/{team-id}/members/{user-id}...

3.8 CVSS · 7.1 AI score · 0.00063 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/08/21 12:00 a.m. · 3 views

PT-2025-34197 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.8 Mattermost versions 9.11.x through 9.11.17 Description: Mattermost fails to properly validate authorization for team scheme role modifications. This allows Team Admins to demote Team Members to Guests...

3.8 CVSS · 7.2 AI score · 0.00063 EPSS
Exploits: 0 · References: 9

CNNVD
added 2025/06/18 12:00 a.m. · 3 views

IBM webMethods Integration security vulnerability

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines (IBM). A security vulnerability exists in IBM webMethods Integration versions 10.5, 10.7, 10.11, and 10.15, which stems from improper permissions when dealing with external entities, which could result in...

7.2 CVSS · 6.5 AI score · 0.00511 EPSS
Exploits: 0 · References: 1

OSV
added 2025/02/21 1:35 p.m. · 2 views

OESA-2025-1140 qt5-qtnetworkauth security update

Qt5 - NetworkAuth component Security Fixes: QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values. CVE-2024-36048...

9.8 CVSS · 7 AI score · 0.00483 EPSS
Exploits: 0 · References: 2

CNNVD
added 2024/12/09 12:00 a.m. · 1 view

nanoid security vulnerability

nanoid (Nano ID) is a small, secure, URL-friendly, unique string ID generator for JavaScript by the individual developer Andrey Sitnik. A security vulnerability exists in nanoid versions prior to 5.0.9, which stems from improper handling of non-integer values...

4.3 CVSS · 6.2 AI score · 0.00107 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2024/10/29 12:00 a.m. · 5 views

PT-2024-9758 · Mattermost +1 · Mattermost +1

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.9 Mattermost versions 9.10.x through 9.10.2 Mattermost versions 9.11.x through 9.11.1 Description: The issue is related to the lack of authorization procedure in the Mattermost application, which allows a...

9.9 CVSS · 6.2 AI score · 0.94047 EPSS
Exploits: 20 · References: 92

Positive Technologies
added 2024/09/26 12:00 a.m. · 9 views

PT-2024-32335 · Mattermost +1 · Mattermost +1

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.0 Mattermost versions 9.5.x through 9.5.8 Description: The issue arises from the failure to validate that the message of a permalink post is a string, allowing an attacker to send a non-string value as...

9.9 CVSS · 6.5 AI score · 0.94047 EPSS
Exploits: 20 · References: 142

Positive Technologies
added 2024/08/22 12:00 a.m. · 3 views

PT-2024-24990 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.8.x through 9.8.2 Mattermost versions 9.5.x through 9.5.7 Mattermost versions 9.9.x through 9.9.1 Mattermost versions 9.10.x through 9.10.0 Description: The issue arises when shared channels are enabled in Mattermost,...

5.3 CVSS · 6.9 AI score · 0.0028 EPSS
Exploits: 0 · References: 10

Positive Technologies
added 2024/07/03 12:00 a.m. · 1 view

PT-2024-28468 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.5 Mattermost version 9.8.0 Description: The issue allows a high-privileged attacker with access to the audit logs to read message contents due to the failure to sanitize the RemoteClusterFrame payloads...

2.7 CVSS · 7 AI score · 0.00283 EPSS
Exploits: 0 · References: 3