CVE-2025-55070
Mattermost versions
Improper neutralization of special elements used in an OS command (‘OS Command Injection’) issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in...
The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the...
IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. More information: https://www.twcert.org.tw/en/cp-139-10502-11c6d-2.html
IQ-Support developed by IQ Service International has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network. More information: https://www.twcert.org.tw/en/cp-139-10502-11c6d-2.html
Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) More information: https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_25.html
Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) More information: https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html
Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) More information: https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html
Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) More information: https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html
The SNORDIAN’s H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘insert_data’ AJAX endpoint in all versions up to, and including, 0.4.17 due to insufficient input sanitization and output escaping. This...
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation’s composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo...
Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the OAuth authentication window for Microsoft accounts. This is fixed in version 2.0.10532....