Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-pwvr-grqg-7vp2: Mattermost Lack of Access Control Validation

Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts

ghsa
Open in Source
#vulnerability#auth
GHSA-4276-cm8c-788h: Mattermost Fails to Properly Validate Team Role Modification

Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint.

GHSA-vqwh-5jhh-vc9p: Mattermost Server SSRF Vulnerability via the Agents Plugin

Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions

GHSA-p6rm-483j-37jf: wong2 mcp-cli Command Injection Vulnerability

A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity. The exploitability is told to be difficult. The exploit has been published and may be used. This issue has been patched via commit 3562966.

GHSA-p72g-pv48-7w9x: Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF

Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard. Users are recommended to upgrade to version 3.2.2, which fixes this issue.

GHSA-mpww-r37c-vxjw: Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_portletNamespace and _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_namespace parameter.

GHSA-62pf-hcwj-rcfc: Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_definition parameter.

GHSA-mmxm-8w33-wc4h: Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability

## Technical Details Below is a technical explanation of a newly discovered vulnerability in HTTP/2, which we refer to as “MadeYouReset.” ### MadeYouReset Vulnerability Summary The MadeYouReset DDoS vulnerability is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. ### Mechanism The vulnerability uses malformed HTTP/2 control frames, or malformed flow, in order to make the server reset streams created by the client (using the RST_STREAM frame). The vulnerability could be triggered by several primitives, defined by the RFC of HTTP/2 (RFC 9113). The Primitives are: 1. WINDOW_UPDATE frame with an increment of 0 or an increment that makes the window exceed 2^31 - 1. (section 6.9 + 6.9.1) 2. HEADERS or DATA frames sent on a half-closed (remote) stream (which was closed using the END_STREAM flag). (note that for some implemen...

GHSA-3j63-5h8p-gf7c: x402 SDK vulnerable in outdated versions in resource servers for builders

### Impact There is a security vulnerability in outdated versions of the x402 SDK. This does not directly affect users' keys, smart contracts, or funds. This primarily impacts builders working on resource servers. ### Patches Please update to the following package versions: * x402 >= 0.5.2 * x402-next >= 0.5.2 * x402-express >= 0.5.2 * x402-hono >= 0.5.2

GHSA-ggjm-f3g4-rwmm: n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

### Impact A symlink traversal vulnerability was discovered in the `Read/Write File` node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the `Execute Command` node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of _n8n.cloud_ are not impacted. ### Patches Affected users should update to version 1.106.0 or later. ### Workarounds Until the patch is applied: - Disable or restrict access to the `Execute Command` node and any other nodes that allow arbitrary file system access. - Avoid using the `Read/Write File` node on untrusted paths or inputs that could be manipulated via symlinks.