GHSA-689C-XQ7X-XJWF Mattermost Playbooks fails to validate the uniqueness and quantity of task actions

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific post...

Mattermost Playbooks fails to validate the uniqueness and quantity of task actions

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific post...

CVE-2025-35965

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific post...

CVE-2025-35965

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific post...

CVE-2025-35965 DoS in Mattermost Playbooks via Excessive Task Actions

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific post...

CVE-2025-35965 DoS in Mattermost Playbooks via Excessive Task Actions

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific post...

PT-2025-17701 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.10 Mattermost versions 10.4.x through 10.4.2 Mattermost versions 10.5.x through 10.5.0 Description: The issue arises from the failure to validate the uniqueness and quantity of task actions within the...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from not validating the uniqueness and number of task actions, which can be exploited by an attacker to cause a denial of service...

CVAD - Published app in windowed mode disappears offscreen when minimized

After launching non-seamless app, if the app gets minimized, the user unable to restore it back. The non-seamless app minimizes and disappears and cannot be retrieved unless the user invokes the task switcher with hotkey combinations. The issue also occurs when using RDP initial app testing...

The vulnerability of Windows operating system task schedulers allows a malicious actor to execute arbitrary commands with SYSTEM privileges.

The vulnerability of Windows operating system task schedulers is related to access control errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with SYSTEM privileges by sending a specially crafted XML file...

CVE-2025-3816

A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been...

CVE-2025-3816

The CVE-2025-3816 entry concerns westboy CicadasCMS 2.0, specifically the Scheduled Task Handler’s /system/schedule/save file. The vulnerability enables os command injection and can be triggered remotely (network vector). Public exploitation details exist across multiple sources, and the issue is...

CVE-2025-3816 westboy CicadasCMS Scheduled Task save os command injection

A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been...

CVE-2025-3816 westboy CicadasCMS Scheduled Task save os command injection

A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been...

PT-2025-17386 · Westboy · Cicadascms

Name of the Vulnerable Software and Affected Versions: westboy CicadasCMS version 2.0 Description: A critical issue was found in the Scheduled Task Handler component, specifically affecting the /system/schedule/save file. This issue leads to os command injection and can be initiated remotely. The...

MAL-2025-3263 Malicious code in task-bots (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be184e51a3aa435812d643ea00fe1f17effc4e16bb86a0b71882fb61f69573fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in task-bots (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be184e51a3aa435812d643ea00fe1f17effc4e16bb86a0b71882fb61f69573fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs

Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered ...

DEBIAN-CVE-2025-22120

In the Linux kernel, the following vulnerability has been resolved: ext4: goto right label 'outmmapsem' in ext4setattr Otherwise, if ext4inodeattachjinode fails, a hung task will happen because filemapinvalidateunlock isn't called to unlock mapping-invalidatelock. Like this: EXT4-fs error device...

UBUNTU-CVE-2025-22120

In the Linux kernel, the following vulnerability has been resolved: ext4: goto right label 'outmmapsem' in ext4setattr Otherwise, if ext4inodeattachjinode fails, a hung task will happen because filemapinvalidateunlock isn't called to unlock mapping-invalidatelock. Like this: EXT4-fs error device...