Overview
- Mattermost
- Mattermost
Description
Statistics
- 1 Post
- 2 Interactions
Fediverse
Also:
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint
Overview
- Mattermost
- Mattermost
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
And:
Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation or admin privileges to take over any user account via manipulation of authentication data during the OAuth completion flow
Overview
- kapilduraphe
- mcp-watch
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
🔴 CVE-2025-66401 (CRITICAL, CVSS 9.8): kapilduraphe mcp-watch ≤0.1.2 is vulnerable to OS command injection via unsanitized githubUrl in cloneRepo. Attackers can execute arbitrary commands remotely. Audit, isolate, and monitor now! https://radar.offseq.com/threat/cve-2025-66401-cwe-78-improper-neutralization-of-s-6ace6b6d #OffSeq #Vulnerability #CyberSec
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
BoF in LightFTP.
https://shimo.im/docs/9030JMJpv4IM4Nkw/read
A buffer overflow in the g_cfg.MaxUsers component of LightFTP v2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
Overview
- CODESYS
- CODESYS Development System
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
#OT #Advisory VDE-2025-101
CODESYS Development System - Deserialization of Untrusted Data
A vulnerability has been discovered in the print engine of the CODESYS development system. If a CODESYS project file or archive file was crafted in a specific way, the CODESYS development system could execute arbitrary code when a user opens these files and configures the print/printer options or prints the project or parts of it. This arbitrary code would be executed in the context of the user who was tricked into opening the project.
#CVE CVE-2025-41700
https://certvde.com/en/advisories/vde-2025-101/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2025/advisory2025-11_vde-2025-101.json
Overview
- geoserver
- geoserver
Description
Statistics
- 1 Post
Overview
- 0x4m4
- HexStrike AI
Description
Statistics
- 1 Post
Overview
- CODESYS
- CODESYS Control RTE (SL)
Description
Statistics
- 1 Post
Fediverse
#OT #Advisory VDE-2025-100
CODESYS Control - Invalid type usage in visualization
A vulnerability in the CODESYS Control runtime system's CmpVisuServer component allows attackers to cause a denial-of-service (DoS) by sending a special request to the CODESYS Web- or remote Target Visu. The issue is triggered by an internal read access using a pointer of the wrong type.
#CVE CVE-2025-41738
https://certvde.com/en/advisories/vde-2025-100/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2025/advisory2025-10_vde-2025-100.json
Overview
Description
Statistics
- 1 Post