A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. [CVSS 3.3 LOW]
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. [CVSS 3.3 LOW]
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. [CVSS 3.3 LOW]
Mattermost versions 10.11.x <= 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens [CVSS 3.1 LOW]
Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used. [CVSS 2.6 LOW]
This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. [CVSS 2.4 LOW]
PlantUML versions before 1.2026.0 fail to properly sanitize interactive attributes in GraphViz diagrams, allowing attackers to inject malicious JavaScript into SVG output through crafted diagram files. Applications that render these SVGs are vulnerable to arbitrary script execution within the user's browser context. A patch is available to address this stored XSS vulnerability.