Lucene search
K

230 matches found

RedHat Linux
RedHat Linux
added 6 days ago15 views

Important: Red Hat Security Advisory: mariadb:10.11 security, bug fix, and enhancement update

An update for the mariadb:10.11 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

10CVSS6.3AI score0.00998EPSS
Exploits0References4
OSV
OSV
added 6 days ago6 views

RHSA-2026:33093 Red Hat Security Advisory: mariadb10.11 security, bug fix, and enhancement update

Bulletin has no description...

9.9CVSS5.7AI score0.00998EPSS
Exploits0References58
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.8 views

Fedora 43 : mariadb10.11 (2026-efc64a64ec)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-efc64a64ec advisory. MariaDB 10.11.18 Upstream Release notes: https://mariadb.com/docs/release-notes/community-server/10.11/10.11.18 Upstream Changelog:...

10CVSS6AI score0.00998EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/24 6:22 p.m.35 views

CVE-2026-48793 Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal SubtitleEncoder.cs, line 382 interpolates the subtitle file path into FFmpeg...

8.8CVSS0.00357EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 1:41 p.m.7 views

EUVD-2026-38276

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669...

3.8CVSS6AI score0.00231EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/10 11:13 p.m.4 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: mariadb10.11: mariadb10.11-10.11.18-1.hum1 aarch64, x8664 mariadb10.11-backup-10.11.18-1.hum1 aarch64, x8664 mariadb10.11-client-utils-10.11.18-1.hum1 noarch mariadb10.11-common-10.11.18-1.hum1...

10CVSS5.8AI score0.00998EPSS
Exploits0References10
The Hacker News
The Hacker News
added 2026/06/10 5:22 a.m.115 views

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

The anonymous security researcher going by the name Chaotic Eclipse aka Nightmare-Eclipse has released a proof-of-concept PoC exploit for yet another Microsoft Defender zero-day named RoguePlanet. "The exploit is a race condition, so it's a hit or miss," the researcher, who published the exploit...

7.8CVSS6.4AI score0.08371EPSS
Exploits2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

Microsoft Hyper-V 信息泄露漏洞

Microsoft Hyper-V is an application developed by Microsoft Corporation in the United States. It is a system management program that enables desktop virtualization. Microsoft Hyper-V has a vulnerability related to information leakage. Attackers can exploit this vulnerability to obtain sensitive...

5.5CVSS5.3AI score0.00459EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 12:16 p.m.5 views

SUSE-SU-2026:2284-1 Security update for mariadb

This update for mariadb fixes the following issues: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. - CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side bsc1266442. - CVE-2026-44170:...

10CVSS7.2AI score0.00998EPSS
Exploits1References21
EUVD
EUVD
added 2026/05/22 10:28 a.m.11 views

EUVD-2026-31431

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to crash the server via timing the creation of persistent notification message between the server deleting...

6.5CVSS5.8AI score0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/22 10:22 a.m.22 views

CVE-2026-5740 Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

7.5CVSS0.00327EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.6.0 and earlier 11.6.x series, 11.5.3 and earlier 11.5.x series, 11.4.4 and earlier 11.4.x series, as well as 10.11.14 and earlier 10.11.x series. Thes...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.8 views

Mattermost doesn't sanitize sensitive configuration fields in the Mattermost Calls plugin

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

7.6CVSS5.8AI score0.00256EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.10 views

Mattermost doesn't escape some variables that could contain malicious content during error page composition

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...

4.8CVSS5.9AI score0.00143EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2026/05/18 8:7 a.m.43 views

CVE-2026-4286 Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook update

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

3.1CVSS0.00143EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/18 6:33 a.m.7 views

CVE-2026-6334

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request.. Mattermo...

3.1CVSS5.9AI score0.00118EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/22 12:29 p.m.128 views

Exploit for Insufficient Granularity of Access Control in Microsoft

🔨 CVE-2026-33825: BlueHammer Microsoft Defender Elevation o...

7.8CVSS5.7AI score0.06749EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/04/16 1:22 a.m.2 views

CVE-2026-35032

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

8.6CVSS5.8AI score0.00312EPSS
Exploits1References1
NVD
NVD
added 2026/04/15 11:16 a.m.8 views

CVE-2026-27769

Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...

2.7CVSS0.00167EPSS
Exploits0References1
Rows per page
Query Builder