5 matches found
EUVD-2026-36500
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the manage_secure_connections permission to obtain remote cluster authentication tokens via a PATCH request to the...
PT-2026-48940
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the manage secure connections permission to obtain remote cluster authentication tokens via a PATCH request to the...
DROWN Vulnerability Remains 'High' Risk, Firms Say
Despite the rush to patch systems at risk from the massive Transport Layer Security (TLS) vulnerability known as DROWN, hundreds of cloud services are still at risk of attack. According to two independent research firms, Netskope and Skyhigh Networks, a week after the vulnerability was identified...
Month Of Twitter Bugs - TweetGrid XSS
Sunday, July 12, 2009. MoTB 12: Reflected XSS in TweetGrid. What is TweetGrid: "TweetGrid is a powerful Twitter Search Dashboard that allows you to search for up to 9 different topics, events, conversations, hashtags, phrases, people, groups, etc in real-time. As new tweets are created, they are...
KPMG-2002026: Jrun sourcecode Disclosure
Title: Jrun sourcecode Disclosure. BUG-ID: 2002026. Released: 01st Jul 2002. Problem: It is possible for a malicious user to trick the Jrun webserver int...