Lucene search

11 matches found

Snyk
added 2026/04/02 9:0 p.m. · 0 views

Malicious Package

Overview: strapi-plugin-debug-tools is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...

9.8 CVSS · 6 AI score
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-25421

Malicious code in bioql PyPI...

6.8 CVSS · 6.3 AI score · 0.00461 EPSS
Exploits 0 · References 4
Veracode
added 2025/09/17 9:50 a.m. · 4 views

Path Traversal

github.com/mattermost/mattermost-server is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during plugin import operations, which allows an attacker with restricted admin privileges to install unauthorized custom plugins by bypassing plugin signature...

6.8 CVSS · 6.6 AI score · 0.00461 EPSS
Exploits 0 · References 4 · Affected Software 4
Tenable Nessus
added 2025/08/28 12:0 a.m. · 5 views

Mattermost Server 9.11.x < 9.11.18 / 10.5.x < 10.5.9 / 10.8.x < 10.8.4 / 10.9.x < 10.9.2 / 10.10.0 (MMSA-2025-00500)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00500 advisory. - Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.9, 9.11.x <= 9.11.18 fail to properly validate file paths during plugin import operation...

6.8 CVSS · 5.5 AI score · 0.00461 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/08/23 7:28 a.m. · 3 views

CVE-2025-36530

Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin...

6.8 CVSS · 7.1 AI score · 0.00461 EPSS
Exploits 0 · References 1
OSV
added 2025/08/21 9:30 a.m. · 5 views

GHSA-GQ3R-5833-5532 Mattermost Fails to Validate File Paths

Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin...

6.8 CVSS · 7 AI score · 0.00461 EPSS
Exploits 0 · References 4
Github Security Blog
added 2025/08/21 9:30 a.m. · 8 views

Mattermost Fails to Validate File Paths

Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin...

6.8 CVSS · 7 AI score · 0.00461 EPSS
Exploits 0 · References 4 · Affected Software 4
NVD
added 2025/08/21 7:15 a.m. · 5 views

CVE-2025-36530

Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin...

6.8 CVSS · 0.00461 EPSS
Exploits 0 · References 1
CVE
added 2025/08/21 7:11 a.m. · 30 views

CVE-2025-36530

Mattermost contains a path traversal vulnerability in the plugin import flow (affecting 9.11.x up to 9.11.17, 10.5.x up to 10.5.8, 10.8.x up to 10.8.3, 10.9.x up to 10.9.1). The root cause is improper validation of file paths during plugin import, which allows restricted admin users to install un...

6.8 CVSS · 7 AI score · 0.00461 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/08/21 12:0 a.m. · 2 views

PT-2025-34194 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.8 Mattermost versions 10.8.x through 10.8.3 Mattermost versions 10.9.x through 10.9.1 Mattermost versions 9.11.x through 9.11.17 Description: The Mattermost application does not properly validate file...

6.8 CVSS · 7.1 AI score · 0.00461 EPSS
Exploits 0 · References 10
Exploit DB
added 2015/10/23 12:0 a.m. · 27 views

Subrion 3.x - Multiple Vulnerabilities

Title = Subrion 3.X.X - Multiple Exploits - Author = bRpsd skype: vegnox - Date Release = 23 October, 2015 - Vendor = Subrion Homepage = http://www.subrion.org/ Download = http://tools.subrion.org/get/latest.zip Vulnerable Versions = 3.X.X Tested Version = Latest, 3.3.5 on a Wamp Server. x Google...

7.4 AI score
Exploits 0