Lucene search
K
GithubRecent

33254 matches found

Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.12 views

Mattermost doesn't check public/private permissions

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.10 views

Mattermost doesn't prevent disclosure of created user password

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 doesn't prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of some of those passwords.. Mattermost Advisory ID: MMSA-2026-00614...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.11 views

Mattermost doesn't validate the X-Requested-With header on the burn-on-read reveal endpoint

Mattermost versions 11.5.x = 11.5.1, 11.4.x = 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient consent via a crafted Markdown image tag.. Mattermost...

4.3CVSS5.8AI score0.00113EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.9 views

Mattermost doesn't sanitize sensitive configuration fields before including them in support packet generation

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermost System Admin or any party with access to a support packet to obtain sensitive credentials in...

8.7CVSS5.8AI score0.0029EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.11 views

Mattermost doesn't check if {{team_id}} was being changed when updating playbooks

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00143EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.15 views

Mattermost doesn't enforce slash command trigger-word uniqueness during command updates

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.8 views

Mattermost doesn't sanitize sensitive configuration fields in the Mattermost Calls plugin

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

7.6CVSS5.8AI score0.00256EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.14 views

Mattermost doesn't verify channel membership when processing AI-assisted message rewrites

Mattermost versions 11.5.x = 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private channels and direct messages they do not have access to via a crafted request to the post rewrite...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.12 views

Mattermost doesn't validate the Host header when constructing response URLs for custom slash command

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host header.. Mattermost...

5CVSS5.8AI score0.00137EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.10 views

Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request.. Mattermo...

3.8CVSS5.9AI score0.00118EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.9 views

Mattermost does not verify remote cluster channel access when processing shared channel membership removals

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate that a remote cluster has access to a channel before processing membership removal requests during shared channel membership sync, which allows a malicious remote cluster to remove any user from any channel,...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.17 views

Mattermost doesn't validate 7zip archive structure before processing

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.11 views

Mattermost doesn't limit the size of the request body on the start meeting API endpoint

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.8 views

Mattermost doesn't check the create_post channel permission during post edit operations

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.12 views

Mattermost doesn't validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...

4.3CVSS5.8AI score0.00142EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.10 views

Mattermost doesn't escape some variables that could contain malicious content during error page composition

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...

4.8CVSS5.9AI score0.00143EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 6:31 a.m.9 views

AMF Vulnerable to Improper Resource Shutdown or Release

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...

5.3CVSS5.4AI score0.00398EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 3:31 a.m.11 views

AMF Improperly Restricts Operations within the Bounds of a Memory Buffer

A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS5.4AI score0.00303EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 3:31 a.m.10 views

AMF Vulnerable to Improper Resource Shutdown or Release

A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and ma...

5.3CVSS5.5AI score0.00303EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 3:31 a.m.17 views

AMF Improperly Restricts Operations within the Bounds of a Memory Buffer

A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly availabl...

5.3CVSS5.5AI score0.00303EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 3:31 a.m.12 views

AMF Vulnerable to Improper Resource Shutdown or Release

A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made...

5.3CVSS5.3AI score0.00303EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 12:31 a.m.12 views

org.linlinjava:litemall-wx-api has an Injection issue

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in SQL injection. Remote...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 12:31 a.m.13 views

@ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue

A vulnerability was determined in Vercel AI up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

6.5CVSS5.4AI score0.00561EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 12:31 a.m.11 views

@kilocode/cli Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILOCONFIGCONTENT can lead to information disclosure. It is...

6.5CVSS5.4AI score0.00316EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/17 3:31 p.m.22 views

AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.5CVSS6.2AI score0.00358EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/17 3:31 p.m.16 views

Beetl's SpELFunction extension function has an expression injection risk

A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of specia...

7.5CVSS6.7AI score0.00406EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.11 views

Mattermost doesn't enforce the PostEditTimeLimit on non-message post fields

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.23 views

Mattermost doesn't validate the response body of proxied images

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG file served from an attacker-controlled origin under a non-SVG Content-Type header e.g. image/png...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.12 views

Duplicate Advisory: phpMyFAQ has stored XSS via | raw Filter in search.twig — html_entity_decode(strip_tags()) Bypass in Search Result Rendering

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pqh6-8fxf-jx22. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and...

8.2CVSS5.2AI score0.00249EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.11 views

Duplicate Advisory: phpMyFAQ has an Authorization Bypass in All Admin Pages Due to Non-Terminating Permission Check

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hpgw-ww76-c68r. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in...

7.1CVSS5.6AI score0.00303EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.11 views

Duplicate Advisory: phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jrc5-w569-h7h5. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows...

5.3CVSS5.3AI score0.00168EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.11 views

Duplicate Advisory: phpMyFAQ's Missing CONFIGURATION_EDIT Permission Check on 12 Admin API Configuration Tab Endpoints Allows Information Disclosure by Any Authenticated User

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pqh6-8fxf-jx22. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use...

5.3CVSS5.3AI score0.00221EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.12 views

Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9525-27vj-c8r8. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl that allows authenticat...

8.3CVSS5.1AI score0.00215EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.13 views

Duplicate Advisory: phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-289f-fq7w-6q2w. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and...

9.8CVSS5.5AI score0.01709EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.9 views

Duplicate Advisory: phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pm8c-3qq3-72w7. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated...

7.7CVSS6AI score0.00212EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.9 views

Duplicate Advisory: phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-289f-fq7w-6q2w. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId method that lacks...

8.7CVSS5.3AI score0.00259EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.11 views

Duplicate Advisory: phpMyFAQ: Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7cx3-2qx2-3g6w. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId...

5.4CVSS5.5AI score0.0018EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.10 views

Duplicate Advisory: phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9pq7-mfwh-xx2j. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the...

9.3CVSS5.6AI score0.00339EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.12 views

Duplicate Advisory: phpMyFAQ: Path traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gh9p-q46p-57g2. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with...

7CVSS5.5AI score0.00266EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.16 views

Duplicate Advisory: phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f5p7-2c9q-8896. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that...

5.4CVSS5.2AI score0.00153EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.15 views

Duplicate Advisory: phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-whqh-9pq5-c7r3. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that...

5.4CVSS5.5AI score0.00153EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 6:35 p.m.18 views

AVideo CVE-2026-43884 incomplete fix - six (or more) `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD post-`603e7bf`

CVE-2026-43884 fix 603e7bf patched EpgParser.php and plugin/AI/receiveAsync.json.php to use urlgetcontents redirect-safe. Neither uses the $resolvedIP out-param of isSSRFSafeURL for DNS pinning via CURLOPTRESOLVE. Six+ other call sites still discard $resolvedIP, opening DNS-rebinding TOCTOU...

7.7CVSS5.8AI score0.00348EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 6:34 p.m.17 views

AVideo: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FA

Summary Type: Cross-site request forgery on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA value=false, calls LoginControl::setUser2FAUser::getId, false on the session-authenticated user, and returns. There is no forbidIfIsUntrustedRequest call, no isTokenValid check, n...

6.5CVSS5.9AI score0.0011EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 6:33 p.m.14 views

AVideo: stored XSS via unescaped stream key in modeYoutubeLive.php class attribute

Summary Type: Stored cross-site scripting. The Live plugin's "YouTube-style" view renders the live transmission's stream key into an HTML class attribute by raw echo, without htmlspecialchars. A canStream user can persist a key containing " plus an event handler via plugin/Live/saveLive.php, and...

5.4CVSS5.3AI score0.00136EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 6:32 p.m.14 views

AVideo: OS command injection in on_publish.php execAsync via unescaped m3u8 URL

Summary Type: Classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling escapeshellarg. A ' in any of the three interpolated values $usersid, $m3u8,...

8.8CVSS6.3AI score0.00318EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 6:30 p.m.16 views

Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client

Impact An attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects u ripukidpenc and uripukidpsig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge respons...

7.4CVSS5.8AI score0.00118EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 6:30 p.m.12 views

Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

8.1CVSS6.3AI score0.00381EPSS
Exploits0References6Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/15 6:30 p.m.14 views

Cockpit CMS: Stored cross-site scripting vulnerability in the Set field type's Display template option

Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function and rendered via Vue's v-html directive witho...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 6:29 p.m.15 views

epa4all-client: TLS Certificate Validation Disabled in Production

Impact An attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient identifiers KVNR, SMC-B card operations authentication, signing, document content, and credential...

8.1CVSS5.8AI score0.00138EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 6:25 p.m.19 views

Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`

Summary Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a local .tar.gz that is not recognized as a plugin-format bundle, APM probes whether it is a...

5.5CVSS6.1AI score0.0061EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities33254