61229 matches found
CVE-2026-32690

creationtimestamp| type| source
---|---|---
2026-04-17 16:27:28+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mjpdqg5ahr24
2026-04-18 08:18:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjqyu6svs32t...

EUVD-2026-22915
Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...
EUVD-2026-22837
It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...
EUVD-2026-22836
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting (XSS) due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check (IsDangerousURL) before resolving HTML entities...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition in the authentication process. An attacker can gain unauthorized access to multiple authenticated...
Mattermost has session spoofing due to lack of single-use consumption of guest magic link tokens enforcement
Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...
goldmark vulnerable to Cross-site Scripting (XSS)
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting (XSS) due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check (IsDangerousURL) before resolving HTML entities...
GHSA-MH4X-RMRX-3HP4 Mattermost has session spoofing due to lack of single-use consumption of guest magic link tokens enforcement
Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...
CVE-2026-35073

creationtimestamp| type| source
---|---|---
2026-04-17 14:07:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjp3vc4msi22...

CVE-2026-6507

creationtimestamp| type| source
---|---|---
2026-04-17 13:17:54+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjoz5gjsrj24
2026-04-17 14:04:34+00:00| seen| https://bsky.app/profile/clankussy.abu.guru/post/3mjp3quxgvq2w
2026-04-17 14:14:24+00:00| seen|...

CVE-2025-15624

creationtimestamp| type| source
---|---|---
2026-04-17 10:50:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjoqveekgm2f
2026-04-17 11:17:26+00:00| seen| Telegram/Gicxpbsei5vwZhhkOJEP5kItUnFZEzNYMMsg3c4t0xeHr7Q...

CVE-2025-15625

creationtimestamp| type| source
---|---|---
2026-04-17 10:35:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjoq2j2jxn26
2026-04-17 11:17:26+00:00| seen| Telegram/Gicxpbsei5vwZhhkOJEP5kItUnFZEzNYMMsg3c4t0xeHr7Q...

CVE-2026-6494

creationtimestamp| type| source
---|---|---
2026-04-17 10:30:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjopstiprf26...

CVE-2026-6451

creationtimestamp| type| source
---|---|---
2026-04-17 10:27:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjopm4miod2k
2026-04-17 12:32:05+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mjowljd7yw2n...

CVE-2026-4817

creationtimestamp| type| source
---|---|---
2026-04-17 06:55:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjodqwhbqp2f
2026-04-17 08:32:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mjoj6ezi7t2i...

CVE-2026-4659
CVE-2026-4659 affects the Unlimited Elements for Elementor plugin on WordPress. Versions up to and including 2.0.6 are vulnerable to an Arbitrary File Read via the Repeater JSON/CSV URL parameter. The root cause is insufficient path traversal sanitization in the URLtoRelative() and urlToPath() fu...
CVE-2026-3330

creationtimestamp| type| source
---|---|---
2026-04-17 06:23:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjobynzvvw2s
2026-04-17 20:32:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mjprfu2tkp2r...

CVE-2026-4853

creationtimestamp| type| source
---|---|---
2026-04-17 06:20:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjobtc2x6a22
2026-04-17 22:32:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mjpy4gr6wa2r...

CVE-2026-5427

creationtimestamp| type| source
---|---|---
2026-04-17 06:13:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjobfqtiah2k
2026-04-17 23:32:05+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mjq3hp52oo2l...

CVE-2026-4666

creationtimestamp| type| source
---|---|---
2026-04-17 06:10:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjobbvvw652f
2026-04-17 21:32:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mjpur5dhl32n...