CVE-2026-6046

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels ...

EUVD-2026-36502

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels ...

CVE-2026-6046

Mattermost CVE-2026-6046 affects multiple releases: 11.6.x up to 11.6.1, 11.5.x up to 11.5.4, and 10.11.x up to 10.11.16. The vulnerability arises from failing to validate that a username returned during bot registration belongs to a bot account, enabling an unprivileged attacker to intercept pri...

CVE-2026-6046 Plugin bot username conflict allows user account to be used as bot identity in Mattermost Server

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels ...

CVE-2026-49376

In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin...

JetBrains TeamCity < 2026.1 Multiple Vulnerabilities

The version of JetBrains TeamCity installed on the remote host is prior to 2026.1. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings CVE-2026-49373 - In JetBrains TeamCity before 2026.1...

CVE-2026-49376

In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin...

CVE-2026-49376

In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin...

CVE-2026-49376

In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin...

CVE-2026-49376

In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin...

EUVD-2026-33384

In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin...

CVE-2026-49376

CVE-2026-49376 affects JetBrains TeamCity prior to 2026.1 via the SAML plugin , where the root cause is insufficient username validation . The vulnerability is exploitable remotely over the network with low complexity and no privileges or user interaction required, and it has a confidentiality/ i...

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1...

openssh security update

8.7p1-49.0.1 - Upstream references found with /usr/bin/ssh Orabug: 37814929 - upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand Orabug: 37647064 - Update upstream references Orabug: 36564626 8.7p1-49 - CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in...

Revive Adserver: Stored XSS via malicious usernames in audit log details + Username validation bypass in XML‑RPC addUser

Vulnerability description not provided...

PT-2026-33064

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.2 Splunk Enterprise versions prior to 10.0.5 Splunk Enterprise versions prior to 9.4.10 Splunk Enterprise versions prior to 9.3.11 Splunk Cloud Platform versions prior to 10.4.2603.0 Splunk Cloud Platfo...

GHSA-F346-8RP3-4H9H TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service

Summary A flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. While validation correctly rejected invalid usernames, a side effect within a validation rule caused user records to be created regardless of whether the request succeeded...

Wecodex Shipping System CMS SQL注入漏洞

Wecodex Shipping System CMS is a logistics content management system developed by Wecodex Corporation. Version 1.0 of the Wecodex Shipping System CMS has a SQL injection vulnerability. This vulnerability stems from insufficient validation of the username parameter input, which may lead to SQL...

Wecodex Library CMS SQL注入漏洞

Wecodex Library CMS is a library management system developed by Wecodex Corporation. Version 1.0 of Wecodex Library CMS has a SQL injection vulnerability. This vulnerability stems from insufficient validation of the username parameter input, which may lead to SQL injection attacks...

Openbiz PHP Framework SQL注入漏洞

Openbiz PHP Framework is an enterprise-level application development framework developed by jixian2003. Version 3.0.8 of Openbiz PHP Framework contains a SQL injection vulnerability. This vulnerability stems from insufficient input validation for the username parameter, which may lead to SQL...