5 matches found

ATTACKERKB
added 2026/04/07 8:24 p.m. · 0 views

CVE-2026-39401

Cronicle is a multi-server task scheduler and runner, with a web-based front-end UI. Prior to 0.9.111, job child processes can include an updateevent key in their JSON output. The server applies this directly to the parent event's stored configuration without any authorization check. A low-privile...

CVSS 5.3 · AI score 5.9 · EPSS 0.00034
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2025/12/15 7:37 p.m. · 0 views

GO-2025-4201 Mattermost Server is vulnerable to webhook and slash command manipulation in github.com/mattermost/mattermost-server

Mattermost Server is vulnerable to webhook and slash command manipulation in github.com/mattermost/mattermost-server...

CVSS 4.3 · AI score 6.9 · EPSS 0.00231
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-41876

Malicious code in bioql PyPI...

CVSS 9.1 · AI score 6.6 · EPSS 0.00154
Exploits: 0 · References: 1
Positive Technologies
added 2025/05/19 12:0 a.m. · 3 views

PT-2025-22013 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: OpenCTI versions prior to 6.5.2

Description: The issue affects an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability to manage customizations can edit a...

CVSS 7.6 · AI score 6.4 · EPSS 0.00727
Exploits: 0 · References: 7
OSV
added 2022/05/24 5:21 p.m. · 2 views

GHSA-JP57-4X34-5V94 Mattermost Server is vulnerable to webhook and slash command manipulation

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API...

CVSS 4.3 · AI score 6.9 · EPSS 0.00231
Exploits: 0 · References: 3