Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.5.1 and earlier of the 11.5.x series, as well as versions 10.11.13 and earlier of the 10.11.x series, and 11.4.3 and earlier of the 11.4.x series. Thes...

PT-2026-34219

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.6.0 through 5.9.14 Description The 'actionSavePermissions' endpoint allows a user possessing only viewUsers permission to remove arbitrary users from all user groups. This occurs because the saveUserGroups function enforce...

SUSE CVE-2026-23462

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following trace caused by not dropping l2capconn reference when user-remove callback is called: 97.809249 l2capconnfree: freeing conn ffff88810a171c00 97.809907 CPU: 1 UID: 0 PID:...

CVE-2026-23462

A flaw was found in the Linux kernel's Bluetooth subsystem HIDP. A local attacker can exploit a use-after-free vulnerability by failing to properly drop a reference to an L2CAP Logical Link Control and Adaptation Protocol connection during a user removal callback. This memory corruption flaw may...

CVE-2026-23462

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following trace caused by not dropping l2capconn reference when user-remove callback is called: 97.809249 l2capconnfree: freeing conn ffff88810a171c00 97.809907 CPU: 1 UID: 0 PID:...

CVE-2026-23462 Bluetooth: HIDP: Fix possible UAF

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following trace caused by not dropping l2capconn reference when user-remove callback is called: 97.809249 l2capconnfree: freeing conn ffff88810a171c00 97.809907 CPU: 1 UID: 0 PID:...

CVE-2026-23462

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following trace caused by not dropping l2capconn reference when user-remove callback is called: 97.809249 l2capconnfree: freeing conn ffff88810a171c00 97.809907 CPU: 1 UID: 0 PID:...

CVE-2025-68954

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. This allows a user that was already connected to...

CVE-2025-68954 Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. This allows a user that was already connected to...

CVE-2025-68954

CVE-2025-68954 affects Pterodactyl’s SFTP subsystem where active SFTP sessions are not revoked when a user is removed or has permissions reduced. Multiple sources describe that credentials are checked at handshake, but not re-validated afterward, allowing a user who was connected to maintain acce...

CVE-2025-68954 Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. This allows a user that was already connected to...

CVE-2025-68954 Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. This allows a user that was already connected to...

PT-2026-1360

Name of the Vulnerable Software and Affected Versions Pterodactyl versions prior to 1.12.0 Description Pterodactyl, a game server management panel, does not terminate existing SFTP connections when a user's access is revoked or their permissions are modified. Specifically, if a user is connected ...

EUVD-2024-22468

Malicious code in bioql PyPI...

EUVD-2024-1339

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-13305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user fr...

CVE-2019-14721

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account...

CVE-2025-26372

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove users from groups via crafted HTTP requests...

CVE-2025-26377

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove users via crafted HTTP requests...

CVE-2025-26377

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove users via crafted HTTP requests...