21 matches found
EUVD-2026-31431
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to crash the server via timing the creation of persistent notification message between the server deleting...
PT-2026-36061
Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 Description An infinite loop in the GNW protocol dissector allows for a denial of service. Recommendations Update Wireshark versions 4.6.0 through 4.6.4 to a versio...
CVE-2025-14456
CVE-2025-14456 affects IBM MQ Appliance, specifically 9.4 CD through 9.4.4.0 to 9.4.4.1. The root cause is the use of weaker than expected cryptographic algorithms, resulting in a CVSS v3.1 base score of 5.9 (Impact: Confidentiality High; others None). IBM’s bulletin notes this could allow an att...
CVE-2025-49937 WordPress Smash Balloon Social Post Feed plugin <= 4.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smash Balloon Social Post Feed: from n/a through <= 4.3.2...
GHSA-FJRP-77F3-43XJ Liferay Portal is vulnerable to XSS through its Commerce Product's Name text field
Cross-site Scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML v...
RHSA-2025:16583 Red Hat Security Advisory: kpatch-patch-4_18_0-477_67_1, kpatch-patch-4_18_0-477_81_1, kpatch-patch-4_18_0-477_89_1, and kpatch-patch-4_18_0-477_97_1 security update
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2021-35594
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.33 and prior, 7.5.23 and...
PT-2025-32929 · Adobe · Indesign Desktop 19.5.4 +1
Name of the Vulnerable Software and Affected Versions: InDesign Desktop versions 20.4 and earlier InDesign Desktop version 19.5.4 Description: InDesign Desktop versions 20.4 and earlier, and version 19.5.4 are affected by a heap-based buffer overflow that may lead to arbitrary code execution with...
CVE-2025-24386
Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privilege...
CVE-2025-24385
Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges...
CVE-2024-51186
D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the pingaddr parameter in the pingv4 and pingv6 functions...
Liferay Portal and Liferay DXP Cross-Site Request Forgery Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DX...
@amplicode/addon-email-templates (>=0.0.1-snapshot.8 <=0.1.0-snapshot.1.6), @dankolz/news-flash (>=1.0.1 <=1.0.2) +9 more potentially affected by CVE-2024-43407 via ckeditor4 (>=4.14.0 <=4.22.1)
ckeditor4 NPM version =4.14.0, =0.0.1-snapshot.8, =1.0.1, =1.0.0, =1.0.0, =2.10.93, =2.10.0, =0.0.0, =1.0.36, =1.0.6, =1.0.59 Source cves: CVE-2024-43407 Source advisory: OSV:GHSA-7R32-VFJ5-C2JV...
PT-2024-18447 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.8 Mattermost versions 9.2.x through 9.2.4 Mattermost version 9.3.0 Mattermost versions 9.4.x through 9.4.1 Description: The issue allows an authenticated attacker to cause the server to run out of memory...
@amplicode/addon-email-templates (>=0.0.1-snapshot.8 <=0.1.0-snapshot.1.6), @dankolz/news-flash (>=1.0.1 <=1.0.2) +9 more potentially affected by CVE-2024-24816 via ckeditor4 (>=4.14.0 <=4.22.1)
ckeditor4 NPM version =4.14.0, =0.0.1-snapshot.8, =1.0.1, =1.0.0, =1.0.0, =2.10.93, =2.10.0, =0.0.0, =1.0.36, =1.0.6, =1.0.59 Source cves: CVE-2024-24816 Source advisory: OSV:GHSA-MW2C-VX6J-MG76...
ALPINE-CVE-2022-35951
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument may cause an integer overflow, a subsequent heap...
Aruba Instant Access Point Command Injection Vulnerability
Aruba Access Points is a wireless network from Aruba USA. It provides Internet access. A security vulnerability exists in Aruba Instant Access Points that allows arbitrary commands to be executed remotely. The following products and versions are affected: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and...
CVE-2020-24424
Adobe Premiere Pro version 14.4 and earlier is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
Adobe Experience Manager Authentication Bypass Vulnerability
Adobe Experience Manager is an enterprise content management solution that helps you simplify the management and delivery of your content and assets. An authentication bypass vulnerability exists in Adobe Experience Manager 6.5 and 6.4. An attacker can exploit this vulnerability to achieve remote...
WordPress Personalized WooCommerce Cart Page Plugin Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Personalized WooCommerce Cart Page plugin is a plugin for adding text to WooCommerce pages. The platform supports personalized blog sit...