
82 matches found

CNNVD
added 2026/05/28 12:0 a.m., 5 views

WordPress plugin 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

CVSS 4.3, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 8

OSV
added 2026/05/09 12:30 p.m., 4 views

OESA-2026-2216 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker ...

CVSS 9.8, AI score 5.8, EPSS 0.00049
Exploits: 1, References: 5

Positive Technologies
added 2026/05/05 12:0 a.m., 5 views

PT-2026-38154

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: Insufficient validation of untrusted input in Permissions allows an attacker on the local network segment to leak cross-origin data via malicious network traffic. Recommendations: Update...

CVSS 9.6, AI score 5.8, EPSS 0.00148
Exploits: 0, References: 135

EUVD
added 2026/04/21 6:31 p.m., 3 views

EUVD-2026-24199

An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...

CVSS 9, AI score 5.8, EPSS 0.00157
Exploits: 1, References: 2

CNNVD
added 2026/03/21 12:0 a.m., 3 views

WordPress plugin WP-Chatbot for Messenger security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 5.3, AI score 5.8, EPSS 0.00107
Exploits: 0, References: 8

RedhatCVE
added 2026/03/16 10:19 p.m., 1 view

CVE-2026-26230

A permissions validation flaw has been discovered in mattermost server. Affected versions fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mitigation: Mitigation for this issue is either not...

CVSS 3.8, AI score 5.6, EPSS 0.00037
Exploits: 0, References: 2

EUVD
added 2026/03/16 9:34 p.m., 0 views

EUVD-2026-12518

Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531...

CVSS 3.8, AI score 5.8, EPSS 0.00037
Exploits: 0, References: 2

OSV
added 2026/03/16 3:30 p.m., 2 views

GHSA-XPVF-6QCC-9JQC Mattermost fails to validate team-specific upload_file permissions

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to validate team-specific upload_file permissions which allows a guest user to post files in channels where they lack upload_file permission via uploading files in a team where they have permission and reusing the file...

CVSS 4.3, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 4

CNNVD
added 2026/03/05 12:0 a.m., 5 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.6 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in permission list validation, which allowed equal matches for the variable actor.name field. This could allow attacker...

CVSS 9.8, AI score 5.8, EPSS 0.00072
Exploits: 0, References: 3

OSV
added 2026/02/23 6:23 p.m., 3 views

GO-2026-4496 Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts in github.com/mattermost/mattermost-server

Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts in github.com/mattermost/mattermost-server...

CVSS 4.3, AI score 5.3, EPSS 0.00011
Exploits: 0, References: 3

Positive Technologies
added 2026/01/23 12:0 a.m., 4 views

PT-2026-4537

Name of the Vulnerable Software and Affected Versions: MyTube versions 1.7.78 and below. Description: The MyTube application does not properly protect against authorization bypass, potentially allowing guest users to download the complete application database. The application does not validate user...

CVSS 8.7, AI score 5.3, EPSS 0.00013
Exploits: 0, References: 10

OSV
added 2025/12/02 7:46 p.m., 3 views

GO-2025-4172 Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost

Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive repor...

CVSS 4.3, AI score 6.7, EPSS 0.00035
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-26300

Malware in sbrugna...

CVSS 7.1, AI score 6.8, EPSS 0.00176
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-2518

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.9, EPSS 0.0003
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2021-28835

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.0018
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-6985

Malicious code in bioql PyPI...

CVSS 6.4, AI score 6.5, EPSS 0.00078
Exploits: 0, References: 3

Cvelist
added 2025/06/02 3:58 p.m., 14 views

CVE-2025-48941 MyBB may disclosure unviewable threads' titles in searches

MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of hidden draft, unapproved, or soft-deleted threads containing specified text in the title. The visibility state...

CVSS 5.3, EPSS 0.00281
Exploits: 0, References: 3

Vulnrichment
added 2025/04/24 6:50 a.m., 9 views

CVE-2025-41423 Unauthorized Playbooks Post Deletion in Mattermost Playbooks Plugin

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without...

CVSS 3.1, AI score 6.9, EPSS 0.00054
Exploits: 0, References: 1

CNNVD
added 2025/04/24 12:0 a.m., 1 view

Mattermost security vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an authorization issue vulnerability that stems from insufficient permissions validation, which can be exploited by an attacker to cause deletion of posts...

CVSS 4.3, AI score 6.8, EPSS 0.00054
Exploits: 0, References: 1

RedhatCVE
added 2025/02/13 4:51 p.m., 6 views

CVE-2025-24807

eprosima Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group. Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per design, PermissionsCA is not full chain validated, nor is the expiration date validated. Access contro...

CVSS 7.1, AI score 6.7, EPSS 0.00085
Exploits: 0, References: 1