UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability. More information : https://consumer.huawei.com/en/support/bulletin/2025/11/

UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability. More information : https://consumer.huawei.com/en/support/bulletin/2025/11/

Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. More information : https://consumer.huawei.com/en/support/bulletin/2025/11/

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load. More information : https://servicedesk.logpoint.com/hc/en-us/articles/29160993806749-Process-Data-Exposure-Under-High-Load

An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation. More information : https://servicedesk.logpoint.com/hc/en-us/articles/29160917867549-Redis-communication-exposed-for-internal-communication

An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability. More information : https://servicedesk.logpoint.com/hc/en-us/articles/29158899698333-XSS-Vulnerability-due-to-insufficient-input-validation

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the “Image Gallery”, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any...

Mattermost versions 11.0.x

Mattermost versions 11.0.x

Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9. More information : https://devolutions.net/security/advisories/DEVO-2025-0018/

Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8. More information : https://devolutions.net/security/advisories/DEVO-2025-0018/

SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8. More information : https://devolutions.net/security/advisories/DEVO-2025-0018/

Mattermost versions 10.12.x

Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks. In order to exploit this vulnerability, an attacker has to log in to the...