25 matches found
GHSA-57CC-2PF4-MHMX Mattermost fails to properly validate team membership when processing channel mentions
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate team membership when processing channel mentions, which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the...
Mattermost fails to properly validate team membership when processing channel mentions
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate team membership when processing channel mentions, which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the...
CVE-2025-14350
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate team membership when processing channel mentions, which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the...
CVE-2025-14350
Mattermost advisory MMSA-2025-00563 covers CVE-2025-14350, affecting Mattermost versions 11.1.x (<=11.1.2), 10.11.x (<=10.11.9), and 11.2.x (
CVE-2025-14627
CVE-2025-14627 affects the WP Import – Ultimate CSV XML Importer for WordPress plugin (up to version 7.35). Wordfence reports an SSRF vulnerability: Bitly shortlinks are unrevalidated after unshortening in upload_function(), allowing authenticated attackers with Contributor+ to force the server t...
EUVD-2025-28167
Malicious code in bioql PyPI...
EUVD-2025-17245
Malicious code in bioql PyPI...
CVE-2025-49327
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia ShortLinks Pro shortlinkspro allows SQL Injection. This issue affects ShortLinks Pro: from n/a through <= 1.0.7...
CVE-2025-49327
CVE-2025-49327 is a SQL Injection in ShortLinks Pro (WordPress plugin) affecting ShortLinks Pro versions up to 1.0.7. The Red Hat entry confirms the issue description as an SQL injection vulnerability in ShortLinks Pro. Wordfence intelligence also lists CVE-2025-49327 with “ShortLinks Pro
CVE-2025-49327 WordPress ShortLinks Pro <= 1.0.7 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia ShortLinks Pro allows SQL Injection. This issue affects ShortLinks Pro: from n/a through 1.0.7...
CVE-2025-49327 WordPress ShortLinks Pro plugin <= 1.0.7 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia ShortLinks Pro shortlinkspro allows SQL Injection. This issue affects ShortLinks Pro: from n/a through <= 1.0.7...
WordPress plugin ShortLinks Pro SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
PT-2025-24251 · Unknown · Hot Links Pro
Name of the Vulnerable Software and Affected Versions: ShortLinks Pro versions 1.0.0 through 1.0.7 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations:...
WordPress ShortLinks Pro plugin <= 1.0.7 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Nguyen Kim Sang in WordPress Plugin ShortLinks Pro versions <= 1.0.7...
CVE-2025-48247
Missing Authorization vulnerability in Blair Williams Shortlinks by Pretty Links pretty-link allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortlinks by Pretty Links: from n/a through <= 3.6.15...
CVE-2025-48247
CVE-2025-48247 describes a Missing Authorization vulnerability in the WordPress plugin Pretty Links (Shortlinks by Pretty Links). Affected versions: up to 3.6.15. Root cause: broken access control enabling exploitation of incorrectly configured access levels. Impact: potential elevation of privil...
WordPress plugin Shortlinks by Pretty Links security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...