36 matches found

Atlassian
added 2026/04/16 9:50 p.m. · 17 views

DoS (Denial of Service) com.squareup.okio:okio Dependency in Jira Software Data Center

This High severity DoS (Denial of Service) vulnerability was introduced in versions 9.12.1, 10.3.0 (not all patched versions - see the fix and affects versions field) and 11.3.0 of Jira Software Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 · AI score 5.7 · EPSS 0.00567
Exploits 1

Tenable Nessus
added 2026/04/16 12:0 a.m. · 4 views

Drupal 10.5.x < 10.5.9 / 10.6.x < 10.6.7 / 11.2.x < 11.2.11 / 11.3.x < 11.3.7 Multiple Vulnerabilities (drupal-2026-04-15)

According to its self-reported version, the instance of Drupal running on the remote web server is 10.5.x prior to 10.5.9, 10.6.x prior to 10.6.7, 11.2.x prior to 11.2.11, or 11.3.x prior to 11.3.7. It is, therefore, affected by multiple vulnerabilities. - Drupal core's jQuery integration for AJA...

CVSS 6.6 · AI score 6.1 · EPSS 0.00052
Exploits 0 · References 12

SUSE CVE
added 2026/03/28 6:28 p.m. · 2 views

SUSE CVE-2026-2456

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that return...

CVSS 5.7 · AI score 5.9 · EPSS 0.00048
Exploits 0 · References 3

RedhatCVE
added 2026/03/26 3:8 p.m. · 1 views

CVE-2026-2458

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate team membership when searching channels, which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint. Mattermost Advisory ID:...

CVSS 4.3 · AI score 5.8 · EPSS 0.0004
Exploits 0 · References 1

CVE
added 2026/03/16 8:10 p.m. · 10 views

CVE-2026-2454

Mattermost exposes a DoS vulnerability in the Calls plugin via malformed msgpack frames over WebSocket. Affected versions: 11.3.x ≤ 11.3.0, 11.2.x ≤ 11.2.2, 10.11.x ≤ 10.11.10. Root cause: incorrect handling of reported array lengths, enabling a malicious user to trigger OOM and crash the server....

CVSS 8.6 · AI score 5.8 · EPSS 0.00127
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2026/03/16 7:53 p.m. · 2 views

CVE-2026-26304 Permission Bypass in Playbook Run Creation

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2 fail to verify run_create permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...

CVSS 4.3 · AI score 5.8 · EPSS 0.00042
Exploits 0 · References 1

OSV
added 2026/03/16 3:30 p.m. · 2 views

GHSA-M5RV-56XX-HFC6 Mattermost fails to properly handle very long passwords

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587...

CVSS 7.5 · AI score 5.8 · EPSS 0.00063
Exploits 0 · References 4

Vulnrichment
added 2026/03/16 12:0 p.m. · 0 views

CVE-2026-2462 Admin RCE via Malicious Plugin Upload on CI Test Instances

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials, which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...

CVSS 6.6 · AI score 6.4 · EPSS 0.00204
Exploits 0 · References 1

Positive Technologies
added 2026/03/16 12:0 a.m. · 4 views

PT-2026-25686

Mattermost fails to bound memory allocation when processing PSD image files in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

CVSS 4.3 · AI score 5.8 · EPSS 0.00061
Exploits 0 · References 7

Positive Technologies
added 2026/03/16 12:0 a.m. · 4 views

PT-2026-25759

Mattermost fails to properly enforce read permissions in search API endpoints in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

CVSS 4.3 · AI score 5.8 · EPSS 0.00032
Exploits 0 · References 9

OSV
added 2025/03/03 8:15 p.m. · 0 views

CVE-2024-51946

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

CVSS 4.8 · AI score 6 · EPSS 0.00108
Exploits 0 · References 1

Vulnrichment
added 2024/05/11 1:15 p.m. · 15 views

CVE-2023-47712 IBM Security Guardium privilege escalation

IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527...

CVSS 7.8 · AI score 6.5 · EPSS 0.0002
Exploits 0 · References 2

Positive Technologies
added 2024/05/11 12:0 a.m. · 1 views

PT-2024-4805 · IBM · IBM Security Guardium

Name of the Vulnerable Software and Affected Versions: IBM Security Guardium versions 11.3 through 12.0 Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. This is due to the failure to neutralize specia...

CVSS 9.1 · AI score 7.2 · EPSS 0.004
Exploits 0 · References 9

Positive Technologies
added 2024/05/11 12:0 a.m. · 1 views

PT-2024-4804 · IBM · IBM Security Guardium

Name of the Vulnerable Software and Affected Versions: IBM Security Guardium versions 11.3 through 12.0 Description: The issue is related to improper permissions control, which could allow a local user to gain elevated privileges on the system. This is due to deficiencies in access control...

CVSS 7.8 · AI score 6.5 · EPSS 0.0002
Exploits 0 · References 9

Debian CVE
added 2024/03/07 12:39 a.m. · 33 views

CVE-2024-0199

Removed by vendor...

CVSS 8 · AI score 7.1 · EPSS 0.00008
Exploits 1

IBM Security Bulletins
added 2023/12/19 5:17 p.m. · 47 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities. [CVE-2022-42889, CVE-2023-35001, CVE-2023-32233]

Summary IBM Security Guardium has addressed the following vulnerabilities with the update recommended below in the remediation / fix section. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: OX AppSuite could allow a remote attacker to execute arbitrary code on the system, caused by a flaw...

CVSS 9.8 · AI score 8.8 · EPSS 0.94251
Exploits 50 · Affected Software 1

Positive Technologies
added 2023/08/27 12:0 a.m. · 1 views

PT-2023-14389 · IBM · IBM Security Guardium

Name of the Vulnerable Software and Affected Versions: IBM Security Guardium versions 11.3 through 11.4 Description: The issue could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. Recommendations: For versions 11.3 and 11.4, conside...

CVSS 7.5 · AI score 7.4 · EPSS 0.00078
Exploits 0 · References 8

CNNVD
added 2023/08/27 12:0 a.m. · 1 views

IBM Security Guardium cross-site scripting vulnerability

IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A cross-site scripting vulnerability exists in IBM Security...

CVSS 5.5 · AI score 6.3 · EPSS 0.0012
Exploits 0 · References 3

IBM Security Bulletins
added 2023/04/04 4:23 p.m. · 53 views

Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2021-3715)

Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID: CVE-2021-3715 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in route4_change in net/sched/cls_route.c. By sending a...

CVSS 7.8 · AI score 7.8 · EPSS 0.00042
Exploits 2 · Affected Software 1

SUSE CVE
added 2023/02/15 4:7 a.m. · 1 views

SUSE CVE-2019-18452

An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. It has Insecure Permissions...

CVSS 5.3 · AI score 5.4 · EPSS 0.00086
Exploits 0 · References 3