120 matches found
EUVD-2026-39778
Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...
CVE-2026-12569 Remote Code Execution (RCE) vulnerability in Windchill PDMlink
A critical remote code execution RCE vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions The identified vulnerability also impacts Windchill and...
EUVD-2026-36990
Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.0.0 versions...
CVE-2026-2988
The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'powerpress' and 'podcast' shortcodes in versions up to, and including, 11.15.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-6053
IBM Db2 is affected by CVE-2026-6053: denial of service when a specially crafted query runs against range-partitioned tables. Affected: Db2 Server 11.5.0–11.5.9 and 12.1.0–12.1.4. CVSS v3.1 base score 5.5 (LOCAL attack, low complexity, high impact on availability). Root cause: CWE-770 (unbounded ...
CVE-2026-1250 Court Reservation – Manage Your Court Bookings Online <= 1.10.11 - Unauthenticated SQL Injection
The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.10.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2026-45218 WordPress WP Travel plugin <= 11.4.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a through = 11.4.0...
WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Jakub Herman in WordPress Plugin Quiz And Survey Master versions = 11.0.0...
RCE (Remote Code Execution) org.yaml:snakeyaml Dependency in Jira Service Management Data Center
This is a vulnerability in a non-Atlassian Jira Service Management dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity RCE Remote Code Execution vulnerability was introduced in versions 11.3.3 of Jira Service Management Data...
MariaDB Server 安全漏洞
MariaDB Server is an open-source relational database system developed by MariaDB. Vulnerabilities existed in versions prior to 11.4.10, as well as in versions 11.5.x to 11.8.x, up to 11.8.6, and 12.x up to 12.2.2. These vulnerabilities were due to a buffer overflow in the cachingsha2password...
Botan 数据伪造问题漏洞
Botan is a C++ encryption library developed by Jack Lloyd as an individual project. Versions of Botan from 3.0.0 to 3.11.0 had a data manipulation vulnerability, which stemmed from the lack of signature verification for OCSP responses during the X509 path validation process...
Mattermost doesn't set permissions on downloaded bulk export
Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to set permissions on downloaded bulk export which allows other local users on the server to be able to read contents of the bulk export. Mattermost Advisory ID: MMSA-2026-00593...
CVE-2026-3116 Improper Input Validation in Zoom Plugin Webhook Handler
Mattermost Plugins versions =11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589...
jsrsasign 安全漏洞
jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign from 7.0.0 to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from incomplete comparisons in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions located...
CVE-2026-25937 GLPI has a MFA bypass
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...
CVE-2026-0999
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...
CVE-2026-24568
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through = 11.1.0...
CVE-2026-24568 WordPress WP Travel plugin <= 11.1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through = 11.1.0...
PT-2026-4410
Name of the Vulnerable Software and Affected Versions WP Travel versions through 11.0.0 Description An authorization issue exists in WP Travel. The vulnerability allows exploitation of incorrectly configured access control security levels. Recommendations Update WP Travel to a version later than...
CVE-2025-66417 GLPI has an unauthenticated SQL injection through the inventory endpoint
GLPI is a free asset and IT management software package. From 11.0.0, 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...