Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2026/05/22 10:3 p.m.8 views

CVE-2026-41148 Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References6
Snyk
Snyk
added 2025/11/14 9:30 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...

5.3CVSS6.6AI score0.00188EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 9:30 a.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...

5.3CVSS6.6AI score0.00188EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 9:30 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...

5.3CVSS6.6AI score0.00188EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.2 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of multi-factor authentication enforcement in WebSocket connections. An attacker can gain unauthorized access to sensitive information by establishing a WebSocket connection...

7.5CVSS6.8AI score0.00297EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can gain unauthorized access to archived channel content and files by using the "Open in...

4.3CVSS6.5AI score0.00164EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.2 views

Incorrect Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can...

4.3CVSS6.8AI score0.00164EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can gain unauthorized access to archived channel content and files by using the "Open in...

4.3CVSS6.5AI score0.00164EPSS
Exploits0References2
CNVD
CNVD
added 2019/08/14 12:0 a.m.2 views

Dolibarr ERP/CRM Cross-Site Request Forgery Vulnerability (CNVD-2019-41857)

Dolibarr ERP/CRM is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site request forgery vulnerability in the Label field ...

8CVSS6.9AI score0.00615EPSS
Exploits1References1
Rows per page
Query Builder