Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A server-side request forgery SSRF vulnerability in the IKEv2 implementation of Palo Alto Networks PAN- OS software allo...

SUSE CVE-2026-26233

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

SUSE CVE-2026-25783

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

CVE-2026-27659 CSRF vulnerability in UpdateAccessControlPolicyActiveStatus endpoint

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...

Mattermost fails to verify run_create permission for empty playbookId

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify runcreate permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...

CVE-2026-26304 Permission Bypass in Playbook Run Creation

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify runcreate permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...

CVE-2026-25783

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

CVE-2026-24458 DoS attack via login attempts with multi-megabyte passwords

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587...

CVE-2026-26246 Memory Exhaustion via Malformed PSD File Upload

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...

CVE-2026-26246

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...

PT-2026-25809

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin. Mattermost Advisory ID:...

EUVD-2026-6102

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

Palo Alto Networks PAN-OS 10.2.x < 10.2.17 / 11.1.x < 11.1.6-h21 / 11.1.7-10.x < 11.1.10-h7 / 11.2.x < 11.2.8 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.17, 11.1.x prior to 11.1.6-h21, 11.1.7-10.x prior to 11.1.10-h7, or 11.2.x prior to 11.2.8. It is, therefore, affected by a vulnerability. An improper input neutralization vulnerability in the management w...

EUVD-2020-5603

Malware in sbrugna...

AZL-67914 CVE-2025-11082 affecting package gdb for versions less than 11.2-10

A flaw has been found in GNU Binutils 2.45. Impacted is the function bfdelfparseehframe of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be use...

PT-2025-34282 · Esri · Esri Portal For Arcgis Enterprise Sites

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 through 11.4 Description: A stored Cross-site Scripting issue exists that may allow a remote, authenticated attacker to inject a malicious file containing an XSS script. When loaded, thi...

PT-2025-29994 · WordPress · Vertical Scroll Image Slideshow Gallery

Name of the Vulnerable Software and Affected Versions: Vertical scroll image slideshow gallery plugin for WordPress versions prior to 11.2 Description: The plugin is susceptible to Stored Cross-Site Scripting through the width parameter due to inadequate input sanitization and output escaping. Th...

Grafana 11.3.x < 11.3.0+security-01 Incorrect Privilege Assignment

According to its self-reported version, the Grafana install hosted on the remote host is 11.2.x earlier than 11.2.3+security-01, or 11.3.x earlier than 11.3.0+security-01. It is, therefore, affected by a incorrect privilege assignment vulnerability. Note that the scanner has not tested for these...

Grafana 11.2.x < 11.2.1 Multiple Vulnerabilities

According to its self-reported version, the Grafana install hosted on the remote host is 10.3.x earlier than 10.3.10, or 10.4.x earlier than 10.4.9, or 11.0.x earlier than 11.0.5, or 11.1.x earlier than 11.1.6, or 11.2.x earlier than 11.2.1. It is, therefore, affected by multiple vulnerabilities:...

CVE-2020-13343

An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template...