Security Vulnerabilities
Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-11-28
UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-11-28
UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-11-28
Permission control vulnerability in the startup recovery module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-11-28
Permission control vulnerability in the distributed component. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
8.0
EPSS Score
0.0
Published
2025-11-28
Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-11-28
An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components lead to a cross-site scripting (XSS) vulnerability.
CVSS Score
8.5
EPSS Score
0.0
Published
2025-11-28
An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-11-28
An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-28
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
CVSS Score
9.9
EPSS Score
0.001
Published
2025-11-27

