122 matches found
Mattermost Server 11.4.x <= 11.4.3 / 11.5.x <= 11.5.1 Origin Validation Error (MMSA-2026-00636)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00636 advisory. - Mattermost versions 11.5.x = 11.5.1, 11.4.x = 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an...
Mattermost doesn't validate the X-Requested-With header on the burn-on-read reveal endpoint
Mattermost versions 11.5.x = 11.5.1, 11.4.x = 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient consent via a crafted Markdown image tag.. Mattermost...
PT-2026-29185
Name of the Vulnerable Software and Affected Versions SciTokens versions prior to 1.9.7 Description SciTokens is a library for generating and using SciTokens. The Enforcer component is susceptible to a path traversal issue. An attacker can exploit this by including 'dot-dot' .. sequences within t...
CVE-2026-1296
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requestedpage' POST parameter in the verifyusernamepassword function. This makes it possible for unauthenticated...
CVE-2026-1296
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requestedpage' POST parameter in the verifyusernamepassword function. This makes it possible for unauthenticated...
PT-2026-20274
Name of the Vulnerable Software and Affected Versions Frontend Post Submission Manager Lite plugin for WordPress versions through 1.2.7 Description The software contains a flaw that allows redirection to potentially malicious sites. This occurs because of inadequate validation of the requested pa...
WordPress Frontend Post Submission Manager Lite plugin <= 1.2.7 - Unauthenticated Open Redirect via 'requested_page' Parameter vulnerability
Unauthenticated Open Redirect via 'requestedpage' Parameter vulnerability discovered by kr0d in WordPress Plugin Frontend Post Submission Manager Lite versions 1.0.0-1.2.7...
CVE-2026-0964
A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...
Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2026-1145)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2025-68300
In the Linux kernel, the following vulnerability has been resolved: fs/namespace: fix reference leak in grabrequestedmntns lookupmntns already takes a reference on mntns. grabrequestedmntns doesn't need to take an extra reference...
CVE-2025-68300
In the Linux kernel, the following vulnerability has been resolved: fs/namespace: fix reference leak in grabrequestedmntns lookupmntns already takes a reference on mntns. grabrequestedmntns doesn't need to take an extra reference...
UBUNTU-CVE-2025-68300
In the Linux kernel, the following vulnerability has been resolved: fs/namespace: fix reference leak in grabrequestedmntns lookupmntns already takes a reference on mntns. grabrequestedmntns doesn't need to take an extra reference...
CVE-2025-68300 fs/namespace: fix reference leak in grab_requested_mnt_ns
In the Linux kernel, the following vulnerability has been resolved: fs/namespace: fix reference leak in grabrequestedmntns lookupmntns already takes a reference on mntns. grabrequestedmntns doesn't need to take an extra reference...
CVE-2025-68300 fs/namespace: fix reference leak in grab_requested_mnt_ns
In the Linux kernel, the following vulnerability has been resolved: fs/namespace: fix reference leak in grabrequestedmntns lookupmntns already takes a reference on mntns. grabrequestedmntns doesn't need to take an extra reference...
Linux Distros Unpatched Vulnerability : CVE-2025-68300
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/namespace: fix reference leak in grabrequestedmntns lookupmntns already takes a reference on mntns. grabrequestedmntns doesn't need to take an extra referenc...
EUVD-2025-36472
In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Fix copytoiter return value check The return value of copytoiter can't be negative, check whether the copied length is equal to the requested length instead of checking for negative values...
CVE-2025-12346
A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/autopost/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argument X-Requested-FileName/X-Requested-FileUpDi...
EUVD-2017-0148
Malware in sbrugna...
EUVD-2021-24816
Malware in sbrugna...
EUVD-2022-28950
Malicious code in bioql PyPI...