
5012 matches found

NVD
added 2025/12/18 8:15 p.m., 3 views

CVE-2023-53939

TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected...

CVSS: 5.4, EPSS: 0.00024
Exploits: 1, References: 3

Vulnrichment
added 2025/12/18 7:53 p.m., 1 view

CVE-2023-53939 TinyWebGallery v2.5 Stored Cross-Site Scripting via Folder Name Parameter

TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00024
Exploits: 1, References: 3

Cvelist
added 2025/12/18 7:53 p.m., 20 views

CVE-2023-53939 TinyWebGallery v2.5 Stored Cross-Site Scripting via Folder Name Parameter

TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected...

CVSS: 5.4, EPSS: 0.00024
Exploits: 1, References: 3

CVE
added 2025/12/18 7:53 p.m., 6 views

CVE-2023-53939

CVE-2023-53939 concerns TinyWebGallery v2.5 with a stored cross-site scripting (XSS) flaw triggered via the folder name parameter in album folders. Authenticated users can insert script tags into folder names, which then execute arbitrary JavaScript when other users view affected gallery pages. T...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00024
Exploits: 1, References: 3, Affected Software: 1

RedhatCVE
added 2025/12/18 6:46 p.m., 6 views

CVE-2025-13326

Mattermost Desktop App versions 6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder...

CVSS: 3.9, AI score: 6.9, EPSS: 0.00011
Exploits: 0, References: 1

RedhatCVE
added 2025/12/18 12:35 a.m., 4 views

CVE-2025-53919

An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors. It creates a temporary folder, with weak permissions, during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevati...

CVSS: 7.8, AI score: 6.5, EPSS: 0.00014
Exploits: 0, References: 1

Positive Technologies
added 2025/12/18 12:0 a.m., 2 views

PT-2025-52318

Name of the Vulnerable Software and Affected Versions: TinyWebGallery version 2.5. Description: TinyWebGallery version 2.5 has a stored cross-site scripting issue. Authenticated attackers can inject malicious scripts through the folder name parameter. Attackers can modify album folder names with...

CVSS: 5.4, AI score: 6.1, EPSS: 0.00024
Exploits: 1, References: 7

OSV
added 2025/12/17 7:16 p.m., 2 views

CVE-2025-13326

Mattermost Desktop App versions 6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder...

CVSS: 3.9, AI score: 6.8
Exploits: 0, References: 1

EUVD
added 2025/12/17 6:31 p.m., 1 view

EUVD-2025-203897

An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors. It creates a temporary folder, with weak permissions, during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevati...

CVSS: 7.8, AI score: 6.1, EPSS: 0.00014
Exploits: 0, References: 3

NVD
added 2025/12/17 5:15 p.m., 4 views

CVE-2025-53919

An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors. It creates a temporary folder, with weak permissions, during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevati...

CVSS: 7.8, EPSS: 0.00014
Exploits: 0, References: 2

CNNVD
added 2025/12/17 12:0 a.m., 1 view

Portrait Displays Dell Color Management security vulnerability

Portrait Displays Dell Color Management is a color management software from Portrait Displays, Inc. A security vulnerability exists in Portrait Displays Dell Color Management version 3.3.8, which stems from improperly set permissions on a temporary folder created when using a custom installati...

CVSS: 7.8, AI score: 6.7, EPSS: 0.00016
Exploits: 0, References: 3

CVE
added 2025/12/17 12:0 a.m., 8 views

CVE-2025-53919

The CVE concerns Portrait Dell Color Management (versions through 3.3.008). During installation/uninstallation, it creates a temporary folder with weak permissions, which a local, low-privileged attacker could abuse to elevate privileges. Affected product: Portrait Dell Color Management. Root cau...

CVSS: 7.8, AI score: 6.2, EPSS: 0.00014
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2025/12/17 12:0 a.m., 2 views

Mattermost Desktop App security vulnerability

Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App versions prior to 6.0.0, which stems from the failure to enable the hardened runtime when packaging for the Mac App Store, and could result in inheriting TCC...

CVSS: 3.9, AI score: 6.6, EPSS: 0.00011
Exploits: 0, References: 1

Positive Technologies
added 2025/12/17 12:0 a.m., 3 views

PT-2025-51844

Name of the Vulnerable Software and Affected Versions: Portrait Dell Color Management versions through 3.3.008. Description: The Portrait Dell Color Management application creates a temporary folder with weak permissions during installation and uninstallation. A local attacker with limited privilege...

CVSS: 7.8, AI score: 6.3, EPSS: 0.00014
Exploits: 0, References: 6

Vulnrichment
added 2025/12/17 12:0 a.m., 3 views

CVE-2025-53919

An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors. It creates a temporary folder, with weak permissions, during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevati...

AI score: 6.2, EPSS: 0.00014
Exploits: 0, References: 2

Cvelist
added 2025/12/17 12:0 a.m., 21 views

CVE-2025-53919

An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors. It creates a temporary folder, with weak permissions, during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevati...

EPSS: 0.00014
Exploits: 0, References: 2

Patchstack
added 2025/12/15 10:54 p.m., 3 views

WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 6.5.1 - Missing Authorization to Authenticated (Author+) Global Folders Tampering vulnerability

Missing Authorization to Authenticated Author+ Global Folders Tampering vulnerability discovered by type5afe in WordPress Plugin Filebird versions <= 6.5.1...

CVSS: 4.3, AI score: 6.7, EPSS: 0.00036
Exploits: 0, References: 1, Affected Software: 1

The Hacker News
added 2025/12/15 5:33 a.m., 8 views

VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption

The pro-Russian hacktivist group known as CyberVolk aka GLORIAMIST has resurfaced with a new ransomware-as-a-service RaaS offering called VolkLocker that suffers from implementation lapses in test artifacts, allowing users to decrypt files without paying an extortion fee. According to SentinelOne...

AI score: 6.5
Exploits: 0

RedhatCVE
added 2025/12/14 5:3 a.m., 3 views

CVE-2025-14508

The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1. This is due to the endpoint using uploadfiles capabilit...

CVSS: 6.5, AI score: 5.2, EPSS: 0.00039
Exploits: 0, References: 1

Veracode
added 2025/12/13 4:36 a.m., 3 views

Permission Bypass

Jenkins Folder-based Authorization Strategy Plugin is vulnerable to Permission Bypass. The vulnerability is due to the plugin not verifying that permissions configured to be granted are enabled, where users formerly granted optional permissions can access functionality they're no longer entitled...

CVSS: 6.8, AI score: 5.8, EPSS: 0.00061
Exploits: 0, References: 2, Affected Software: 1