CVE-2025-41423

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without...

PT-2024-7203 · Jetbrains · Youtrack

Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.46677 Description: The issue is related to improper access control in JetBrains YouTrack, allowing users with project update permission to delete applications via API. This could potentially allow a...