4.3
CVE-2026-2455 - SSRF bypass via IPv4-mapped IPv6 literals
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals (e.g., [::ffff:127.0.0.1]).. Mattermost β¦
4.3
CVE-2026-21386 - Private channel enumeration via /mute slash command
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisteβ¦
4.8
CVE-2025-2274 - Stored Cross Site Scripting in Forcepoint Web Security
Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security (On-Prem) on Windows allows Stored XSS.This issue affects Web Security through 8.5.6.
3.3
CVE-2025-52642 - HCL AION is affected by an internal filesystem paths disloser vulnerability
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.
2.2
CVE-2025-52646 - HCL AION is affected by a vulnerability where certain offering configurations may permit execution β¦
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific coβ¦
1.9
CVE-2025-52645 - HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not iβ¦
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour.
1.8
CVE-2025-52649 - HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature
HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions.
2
CVE-2026-4242 - BabyChakra Pregnancy & Parenting App app.babychakra.babychakra Configuration.java credentials storaβ¦
A security flaw has been discovered in BabyChakra Pregnancy & Parenting App up to 5.4.3.0 on Android. This affects an unknown function of the file fileΒ app/babychakra/babychakra/Configuration.java of the component app.babychakra.babychakra. Performing a manipulation of the argument SEGMENT_WRITE_KEβ¦
5.8
CVE-2025-52644 - HCL AION is affected by a vulnerability where certain user actions are not adequately audited or loβ¦
HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.
4.7
CVE-2025-52643 - HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed wiβ¦
HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files.