58 matches found

Cvelist
added 2026/05/22 10:22 a.m., 15 views

CVE-2026-5740 Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

CVSS 7.5 | EPSS 0.00106
Exploits: 0 | References: 1

Github Security Blog
added 2026/05/18 9:31 a.m., 2 views

Mattermost doesn't sanitize sensitive configuration fields in the Mattermost Calls plugin

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

CVSS 7.6 | AI score 5.8 | EPSS 0.00053
Exploits: 0 | References: 4 | Affected Software: 2

OSV
added 2026/03/16 9:16 p.m., 1 views

CVE-2026-1629

Mattermost versions 10.11.x <= 10.11.10 fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin. Mattermost Advisory ID: MMSA-2026-0058...

CVSS 4.3 | AI score 5.9
Exploits: 0 | References: 1

CNNVD
added 2026/03/16 12:0 a.m., 2 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, 11.2.2 and earlier 11.2.x series, as well as 10.11.10 and earlier 10.11.x series, have security vulnerabilities. These vulnerabilities...

CVSS 4.3 | AI score 6.4 | EPSS 0.00061
Exploits: 0 | References: 2

CNNVD
added 2026/03/16 12:0 a.m., 3 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost 10.11.10 and earlier, including 10.11.x, have a security vulnerability. This vulnerability stems from improper validation of permission requirements at the team member role API...

CVSS 3.8 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/21 10:24 p.m., 2 views

CVE-2026-21942

Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystems. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...

CVSS 5 | AI score 5.4 | EPSS 0.00034
Exploits: 0 | References: 1

EUVD
added 2026/01/21 12:31 a.m., 3 views

EUVD-2026-3567

Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystems. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...

CVSS 5 | AI score 5.4 | EPSS 0.00034
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/20 12:0 a.m., 3 views

PT-2026-3692

Name of the Vulnerable Software and Affected Versions: Oracle Solaris versions 10 and 11. Description: An easily exploitable issue exists in the Filesystems component of Oracle Solaris. A low-privileged attacker with access to the system can cause a denial-of-service complete hang or frequent crash...

CVSS 5 | AI score 7.3 | EPSS 0.00034
Exploits: 0 | References: 3

CVE
added 2025/12/17 12:19 p.m., 5 views

CVE-2025-62690

Summary: CVE-2025-62690 affects Mattermost versions 10.11.x up to 10.11.4, where the application fails to validate redirect URLs on the /error page. This vulnerability can allow an attacker to redirect a user’s browser to a malicious site via a crafted link opened in a new tab. The issue is consi...

CVSS 6.1 | AI score 6.2 | EPSS 0.00033
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/11/20 12:0 a.m., 4 views

IBM webMethods Integration Code Issue Vulnerability

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines (IBM). A code issue vulnerability exists in IBM webMethods Integration versions 10.11 through 10.11CoreFix22, 10.15 through 10.15CoreFix22, and 11.1 through 11.1CoreFix6, which stems from deserialization of...

CVSS 8.8 | AI score 7.1 | EPSS 0.0071
Exploits: 0 | References: 2

OSV
added 2025/11/18 4:15 p.m., 1 views

CVE-2025-55074

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

CVSS 3.5 | AI score 6.4
Exploits: 0 | References: 1

OSV
added 2025/10/16 9:30 a.m., 2 views

GHSA-424H-XJ87-M937 Mattermost has an Incorrect Authorization vulnerability

Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the /api/v4/channels/channelid/members endpoint...

CVSS 3.1 | AI score 6.9 | EPSS 0.00009
Exploits: 0 | References: 7

Vulnrichment
added 2025/10/16 8:17 a.m., 3 views

CVE-2025-54499 Insecure string comparison enables timing attacks

Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...

CVSS 3.1 | AI score 6.4 | EPSS 0.00033
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/13 12:38 a.m., 2 views

CVE-2025-36087 IBM Security Verify Access hard coded credentials

IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound...

CVSS 8.1 | AI score 6.4 | EPSS 0.0002
Exploits: 0 | References: 1

Cvelist
added 2025/10/06 4:50 p.m., 6 views

CVE-2025-36356 IBM Security Verify Access privilege escalation

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required...

CVSS 9.3 | EPSS 0.00016
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 6:6 a.m., 2 views

CVE-2023-21900

Vulnerability in the Oracle Solaris product of Oracle Systems component: NSSwitch. Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks...

CVSS 4 | AI score 4.8 | EPSS 0.00292
Exploits: 0 | References: 1

OSV
added 2025/03/08 11:15 p.m., 0 views

UBUNTU-CVE-2023-52971

MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan...

CVSS 4.9 | AI score 7 | EPSS 0.00083
Exploits: 0 | References: 3

OSV
added 2025/01/16 6:15 p.m., 2 views

CVE-2024-41746

IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 6.1 | AI score 5.5 | EPSS 0.00212
Exploits: 0 | References: 1

CNNVD
added 2023/12/07 12:0 a.m., 1 views

Software AG webMethods Access Control Error Vulnerability

Software AG webMethods is Software AG's suite of integration and application development tools used to help organizations with tasks such as application integration, data integration, business process management, and application development. webMethods is designed to help organizations better...

CVSS 7.5 | AI score 6.9 | EPSS 0.00067
Exploits: 0 | References: 3

OSV
added 2023/04/18 8:15 p.m., 0 views

CVE-2023-22003

Vulnerability in the Oracle Solaris product of Oracle Systems component: Utility. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...

CVSS 3.3 | AI score 6.5
Exploits: 0 | References: 1