8 matches found
EUVD-2025-19101
Malicious code in bioql PyPI...
Mattermost security vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.5.8 and prior 10.5.x and 9.11.17 and prior 9.11.x, which stems from insufficient access control validation and could cause an authenticated use...
Mattermost boards plugin fails to restrict download access to files
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration...
CVE-2025-9081
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration...
CVE-2025-9081
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration...
CVE-2025-9081
CVE-2025-9081 affects Mattermost 9.11.x <= 9.11.17 and 10.5.x
Mozilla Thunderbird < 128.12
The version of Thunderbird installed on the remote Windows host is prior to 128.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-55 advisory. - The executable file warning did not warn users before opening files with the terminal extension. This bug only...
HackerOne: Embedded submission form UUIDs can be enumerated through GraphQL node interface, exposing sensitive program details
It's possible for an attacker to enumerate embedded submission form UUIDs through HackerOne's GraphQL node interface. In normal application behavior, an embedded submission form is queried through GraphQL with a UUID. These UUIDs are random and they're not susceptible to brute force attacks...