440 matches found
Vikunja 资源管理错误漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 1.0.0-rc0 to 2.2.0 contained a resource management vulnerability. This vulnerability stemmed from unlimited image decoding and resizing during preview generation, which could lead to CPU and memo...
Operation on a Resource after Expiration or Release
Overview mattermost-redux is a Common code API client, Redux stores, logic, utility functions for building a Mattermost client Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release in the permalink preview process. An attacker can access private...
CVE-2026-1629
A missing cache invalidation flaw has been discovered in mattermost server. Affected versions fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache...
EUVD-2026-12516
Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...
CVE-2026-1629
Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...
CVE-2026-1629 Permalink Preview Information Disclosure After Permission Revocation
Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...
CVE-2026-1629 Permalink Preview Information Disclosure After Permission Revocation
Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...
CVE-2026-1629 Permalink Preview Information Disclosure After Permission Revocation
Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...
CVE-2026-1629
Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...
CVE-2026-1629
Mattermost CVE-2026-1629 affects Mattermost 10.11.x up to 10.11.10. The issue arises from not invalidating cached permalink preview data when a user loses channel access, allowing continued viewing of private channel content via previously cached previews until cache reset or relogin. The CVSSv3....
PT-2026-25812
Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 10.11.10 and earlier, including 10.11.x, have security vulnerabilities. These vulnerabilities stem from the failure to invalidate cached preview data of fixed links whe...
PT-2026-25138
wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfiltered html capabilities can inject JavaScript...
CVE-2026-30236
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user that was planned in the budget is actually a project member. This exposed the user's default rate if one was set up to...
CVE-2026-30236 OpenProject users that are not project members can be used to calculate Labor Budget, leaking their global hourly rate
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user that was planned in the budget is actually a project member. This exposed the user's default rate if one was set up to...
EUVD-2026-11236
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user that was planned in the budget is actually a project member. This exposed the user's default rate if one was set up to...
PT-2026-24740
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user that was planned in the budget is actually a project member. This exposed the user's default rate if one was set up to...
March 10, 2026—KB5078883 (OS Build 22631.6783)
March 10, 2026—KB5078883 OS Build 22631.6783 This cumulative update for Windows 11, version 23H2 KB5078883, includes the latest security fixes and improvements, along with non-security updates from last month’s optional preview release. To learn more about differences between security update...
CVE-2026-29082 Kestra: Stored Cross-Site Scripting in Markdown File Preview
Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown .md with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there a...
CVE-2026-3327
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...