Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
A flaw was found in the cockpit package. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.