7 matches found
CVE-2026-7387
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the scheme_admin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...
CVE-2026-7387 Mattermost group syncable endpoints allow privilege escalation via scheme_admin
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the scheme_admin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...
EUVD-2026-36503
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the scheme_admin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...
CVE-2018-12101
CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields...
CVE-2018-12101
CVE-2018-12101 affects CMS Clipper 1.3.3 with cross-site scripting in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields. The available documents do not specify the exact vulnerability type (stored vs. reflected), root cause, affected components beyond tho...
CVE-2018-12101
CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields...
WeChat has an arbitrary code execution vulnerability (badkernel)
WeChat is a free application from Tencent that provides instant messaging services for smart terminals. WeChat has a remote arbitrary code execution vulnerability, badkernel. Attackers using the vulnerability can achieve quasi-worm spread, and can be sent through the circle of friends a...