
49 matches found

Tenable Nessus
added 2026/04/16 12:0 a.m. · 4 views

Drupal 10.5.x < 10.5.9 / 10.6.x < 10.6.7 / 11.2.x < 11.2.11 / 11.3.x < 11.3.7 Multiple Vulnerabilities (drupal-2026-04-15)

According to its self-reported version, the instance of Drupal running on the remote web server is 10.5.x prior to 10.5.9, 10.6.x prior to 10.6.7, 11.2.x prior to 11.2.11, or 11.3.x prior to 11.3.7. It is, therefore, affected by multiple vulnerabilities. - Drupal core's jQuery integration for AJA...

CVSS 6.6 · AI score 6.1 · EPSS 0.00082
Exploits: 0 · References: 12

RedhatCVE
added 2026/04/02 10:55 p.m. · 3 views

CVE-2025-36373

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user...

CVSS 6.8 · AI score 5.8 · EPSS 0.00037
Exploits: 0 · References: 1

CNNVD
added 2025/11/27 12:0 a.m. · 4 views

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from insufficient validation of code exchange tokens, which could lead to account takeover. The following versions are affected: version 11.0.2...

CVSS 9.9 · AI score 6.6 · EPSS 0.00086
Exploits: 0 · References: 2

RedhatCVE
added 2025/11/08 6:51 p.m. · 4 views

CVE-2025-33012

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date...

CVSS 8.8 · AI score 6.7 · EPSS 0.00025
Exploits: 0 · References: 1

RedhatCVE
added 2025/10/17 9:42 a.m. · 6 views

CVE-2025-58073

Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacker to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...

CVSS 8.1 · AI score 6.8 · EPSS 0.00049
Exploits: 0 · References: 1

RedhatCVE
added 2025/10/17 8:40 a.m. · 4 views

CVE-2025-41443

Mattermost versions 10.5.x <= 10.5.12, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...

CVSS 4.3 · AI score 6.4 · EPSS 0.00011
Exploits: 0 · References: 1

EUVD
added 2025/10/16 9:30 a.m. · 4 views

EUVD-2025-34742

Mattermost has a Missing Authorization vulnerability...

CVSS 5.4 · AI score 6.5 · EPSS 0.00013
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-30247

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.3 · EPSS 0.00016
Exploits: 0 · References: 5

SUSE CVE
added 2025/09/25 11:28 p.m. · 1 views

SUSE CVE-2025-9081

Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration...

CVSS 6.5 · AI score 6.8 · EPSS 0.00016
Exploits: 0 · References: 2

OSV
added 2025/09/19 9:31 p.m. · 2 views

GHSA-F72G-52V7-MG3P Mattermost boards plugin fails to restrict download access to files

Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration...

CVSS 3.1 · AI score 6.8 · EPSS 0.00016
Exploits: 0 · References: 6

CVE
added 2025/09/19 7:36 p.m. · 18 views

CVE-2025-9081

CVE-2025-9081 affects Mattermost 9.11.x <= 9.11.17 and 10.5.x

CVSS 6.5 · AI score 6.3 · EPSS 0.00016
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/09/15 10:22 a.m. · 3 views

CVE-2025-9084 Open redirect in OAuth login

Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs...

CVSS 3.1 · AI score 6.4 · EPSS 0.00043
Exploits: 0 · References: 1

OSV
added 2025/07/18 9:15 a.m. · 4 views

CVE-2025-6226

Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of...

CVSS 6.5 · AI score 6.7
Exploits: 0 · References: 1

OSV
added 2025/06/10 11:51 a.m. · 3 views

BIT-MARIADB-MIN-2022-32082

MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc...

CVSS 7.5 · AI score 7.6 · EPSS 0.00176
Exploits: 1 · References: 6

Positive Technologies
added 2025/05/21 12:0 a.m. · 2 views

PT-2025-26325 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.5 Mattermost versions 9.11.x through 9.11.15 Mattermost versions 10.8.x through 10.8.0 Mattermost versions 10.7.x through 10.7.2 Mattermost versions 10.6.x through 10.6.5 Description: The issue arises...

CVSS 4.3 · AI score 6.3 · EPSS 0.00183
Exploits: 0 · References: 10

OSV
added 2025/04/14 3:15 p.m. · 2 views

CVE-2025-2424

Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation...

CVSS 4.3 · AI score 6.9
Exploits: 0 · References: 1

OSV
added 2024/11/23 3:15 a.m. · 2 views

CVE-2024-41761

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query...

CVSS 5.3 · AI score 5.8 · EPSS 0.00157
Exploits: 0 · References: 1

NVD
added 2024/10/23 2:15 a.m. · 17 views

CVE-2024-31880

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user...

CVSS 6.5 · EPSS 0.00256
Exploits: 0 · References: 2

Positive Technologies
added 2024/08/14 12:0 a.m. · 3 views

PT-2024-26330 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server federated server versions 10.5, 11.1, and 11.5 Description: The issue is a denial of service vulnerability that can be triggered with a specially crafted query under certain...

CVSS 6.5 · AI score 8.2 · EPSS 0.00285
Exploits: 0 · References: 9

CNNVD
added 2024/06/12 12:0 a.m. · 1 views

Dell OS10 Networking Switches Authorization Issues Vulnerability

Dell OS10 Networking Switches is a switch from Dell USA. An authorization issue vulnerability exists in Dell OS10 Networking Switches versions 10.5.6.x, 10.5.5.x, 10.5.4.x, and 10.5.3.x, which stems from an elevation of privilege that allows an authenticated remote attacker...

CVSS 8.8 · AI score 7 · EPSS 0.02331
Exploits: 0 · References: 2