19115 matches found
Group-Office < 26.0.5 - Remote Code Execution
Group-Office before versions 6.8.150, 25.0.82, and 26.0.5 is vulnerable to remote code execution via OS command injection. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmpfile into an exec call. By injecting shell metacharacters into...
EUVD-2026-43536
OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisfy elevated sender allowlists. Attackers with lower-trust access can perform actions requiring stronger authorization by leveraging group ID validation in the affected featu...
CVE-2026-53364
The CVE-2026-53364 entry concerns the Linux kernel Bluetooth HCI subsystem. A memory leak in hci_le_big_terminate() occurs when iso_list_data allocated via kzalloc_obj is not freed on an early return path after evaluating PA/BIG sync state (neither pa_sync_term nor big_sync_term flags set). This ...
Malicious code in @sqlite-group/schema-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d317d08a81d92d85c53ffe33ef8c709b706ed09c1f89b1c6489ac4fbf9f82c8 On require/import, index.js fetches the content of a GitHub Gist https://gist.github.com/getchainverse/b57a92378ad0a52430137c3b810e7107, retrieved vi...
EUVD-2026-43311
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict the groupconstrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation v...
CVE-2026-10085
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict the groupconstrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation v...
CVE-2026-10085
Mattermost is affected in versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, and 10.11.x
EUVD-2026-43192
A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue is some unknown functionality of the file /callrec/group.jsp. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may...
CVE-2026-15470
Technical details (affected product, versions, root cause, exploit specifics) are not publicly provided in the supplied documents. Monitor for updates.
CVE-2026-15374
A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-15374
Technical details beyond the initial description are not publicly available in the provided documents. Monitor for updates on CVE-2026-15374 affecting Eleveo Call Recording Software 9.7.0, specifically the /callrec/roleAddAction.do improper authorization vulnerability.
CVE-2026-15374 Eleveo Call Recording Software Group roleAddAction.do improper authorization
A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...
EUVD-2026-42923
A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-15374 Eleveo Call Recording Software Group roleAddAction.do improper authorization
A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-22660
FlaskBB
New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic
The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan RAR called MODBEACON. Chinese cybersecurity company QiAnXin said that while the threat cluster may appear like a low-sophistication, high-activity operation that propagates malware v...
CVE-2026-44787
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...
CVE-2026-45780
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, EventSerializer could expose invited group names, sample invitees, and attendance statistics to users who could view the topic but were not entitled to view the private event invitee list. This...
CVE-2026-44787
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...
CVE-2026-44787
Discourse exposes a flaw in signup: before versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a new user could set primary_group_id and gain whisper-group privileges when whispers_allowed_groups is configured. This is fixed in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5. The CVSS 3.1 base score ...