Lucene search
K

440 matches found

CNNVD
CNNVD
added 2026/03/24 12:0 a.m.7 views

Vikunja 资源管理错误漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 1.0.0-rc0 to 2.2.0 contained a resource management vulnerability. This vulnerability stemmed from unlimited image decoding and resizing during preview generation, which could lead to CPU and memo...

6.5CVSS6.4AI score0.00318EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/16 10:48 p.m.5 views

Operation on a Resource after Expiration or Release

Overview mattermost-redux is a Common code API client, Redux stores, logic, utility functions for building a Mattermost client Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release in the permalink preview process. An attacker can access private...

5.3CVSS5.9AI score0.00203EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/16 10:29 p.m.4 views

CVE-2026-1629

A missing cache invalidation flaw has been discovered in mattermost server. Affected versions fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache...

4.3CVSS5.6AI score0.00203EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/16 9:34 p.m.5 views

EUVD-2026-12516

Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 9:16 p.m.5 views

CVE-2026-1629

Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...

4.3CVSS0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/16 8:24 p.m.23 views

CVE-2026-1629 Permalink Preview Information Disclosure After Permission Revocation

Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...

4.3CVSS0.00203EPSS
Exploits0References1
OSV
OSV
added 2026/03/16 8:24 p.m.5 views

CVE-2026-1629 Permalink Preview Information Disclosure After Permission Revocation

Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...

4.3CVSS6AI score0.00203EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/16 8:24 p.m.2 views

CVE-2026-1629 Permalink Preview Information Disclosure After Permission Revocation

Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/16 8:24 p.m.3 views

CVE-2026-1629

Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/16 8:24 p.m.25 views

CVE-2026-1629

Mattermost CVE-2026-1629 affects Mattermost 10.11.x up to 10.11.10. The issue arises from not invalidating cached permalink preview data when a user loses channel access, allowing continued viewing of private channel content via previously cached previews until cache reset or relogin. The CVSSv3....

4.3CVSS5.8AI score0.00203EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.8 views

PT-2026-25812

Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.6 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 10.11.10 and earlier, including 10.11.x, have security vulnerabilities. These vulnerabilities stem from the failure to invalidate cached preview data of fixed links whe...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.5 views

PT-2026-25138

wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfiltered html capabilities can inject JavaScript...

6.1CVSS5.7AI score0.00169EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/11 4:25 p.m.1 views

CVE-2026-30236

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user that was planned in the budget is actually a project member. This exposed the user's default rate if one was set up to...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/11 4:25 p.m.2 views

CVE-2026-30236 OpenProject users that are not project members can be used to calculate Labor Budget, leaking their global hourly rate

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user that was planned in the budget is actually a project member. This exposed the user's default rate if one was set up to...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/11 4:25 p.m.5 views

EUVD-2026-11236

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user that was planned in the budget is actually a project member. This exposed the user's default rate if one was set up to...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.10 views

PT-2026-24740

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user that was planned in the budget is actually a project member. This exposed the user's default rate if one was set up to...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References4
Microsoft KB
Microsoft KB
added 2026/03/10 2:0 p.m.75 views

March 10, 2026—KB5078883 (OS Build 22631.6783)

March 10, 2026—KB5078883 OS Build 22631.6783 ​​​​​This cumulative update for Windows 11, version 23H2 KB5078883, includes the latest security fixes and improvements, along with non-security updates from last month’s optional preview release. To learn more about differences between security update...

8.8CVSS6.8AI score0.04491EPSS
Exploits11
OSV
OSV
added 2026/03/06 4:33 p.m.3 views

CVE-2026-29082 Kestra: Stored Cross-Site Scripting in Markdown File Preview

Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown .md with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there a...

7.3CVSS5.8AI score0.00232EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/28 7:45 p.m.8 views

CVE-2026-3327

Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

4.8CVSS6.1AI score0.00322EPSS
Exploits0References1
Rows per page
Query Builder