Lucene search
K

677 matches found

Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.18 views

PT-2026-42745

Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description Improper validation of file ownership and access control in the Boards API allows an authenticated user to access and downloa...

7.5CVSS5.8AI score0.00149EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: Boards: The issue of NULL pointer dereferencing in BYT/CHT boards has been fixed. Since commit 13f58267cda3 “ASoC: soc.h: Do not create dummy components via COMPDUMMY”, dummy codecs were declared as follows:...

5.5CVSS6.1AI score0.00181EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/24 6:50 p.m.6 views

CVE-2026-41419 4ga Boards: Import Path Traversal Leads to Arbitrary File Read

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

7.6CVSS5.3AI score0.00306EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 6:50 p.m.4 views

CVE-2026-41419

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

7.6CVSS5.3AI score0.00306EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/24 6:50 p.m.7 views

EUVD-2026-25613

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

7.6CVSS5.3AI score0.00306EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/24 6:50 p.m.34 views

CVE-2026-41419 4ga Boards: Import Path Traversal Leads to Arbitrary File Read

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

7.6CVSS0.00306EPSS
Exploits0References1
OSV
OSV
added 2026/04/24 6:50 p.m.2 views

CVE-2026-41419 4ga Boards: Import Path Traversal Leads to Arbitrary File Read

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

7.6CVSS6AI score0.00306EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 6:49 p.m.11 views

CVE-2026-41418

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint POST /api/access-tokens. When an invalid username/email is provided, the server responds immediately 17ms average. When a val...

5.3CVSS5.3AI score0.00197EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/24 6:49 p.m.6 views

EUVD-2026-25612

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint POST /api/access-tokens. When an invalid username/email is provided, the server responds immediately 17ms average. When a val...

5.3CVSS5.3AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/04/24 6:49 p.m.13 views

CVE-2026-41418

4ga Boards prior to 3.3.5 is vulnerable to user enumeration via a timing side-channel on POST /api/access-tokens. Valid username/email with wrong password yields ~74 ms bcrypt.compareSync(), vs ~17 ms for invalid username/email, creating a ~4.4× timing difference. Root cause: timing variance in l...

5.3CVSS5.3AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/04/24 6:49 p.m.2 views

CVE-2026-41418 4ga Boards: User Enumeration via Timing Side-Channel in Authentication Endpoint

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint POST /api/access-tokens. When an invalid username/email is provided, the server responds immediately 17ms average. When a val...

5.3CVSS6AI score0.00197EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.8 views

PT-2026-35063

Name of the Vulnerable Software and Affected Versions 4ga Boards versions prior to 3.3.5 Description 4ga Boards is a boards system for realtime project management. The software allows user enumeration through a timing side-channel in the login endpoint '/api/access-tokens'. The server responds...

5.3CVSS5.2AI score0.00197EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.6 views

PT-2026-35064

Name of the Vulnerable Software and Affected Versions 4ga Boards versions prior to 3.3.5 Description A path traversal issue allows an authenticated user with board import privileges to force the server to ingest arbitrary host files as board attachments during the BOARDS archive import process...

7.6CVSS5.3AI score0.00306EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.14 views

4ga Boards 路径遍历漏洞

4ga Boards is a real-time project management dashboard system developed by RAR Personal Developers. Versions of 4ga Boards prior to 3.3.5 contained a path traversal vulnerability. This vulnerability stemmed from path traversal during the import of BOARDS archives, which could lead to unauthorized...

7.6CVSS5.8AI score0.00306EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

4ga Boards 安全漏洞

4ga Boards is a real-time project management dashboard system developed by RAR Personal Developers. Versions of 4ga Boards prior to 3.3.5 contained security vulnerabilities. These vulnerabilities stemmed from timing side channels in the login endpoint, which could lead to user enumeration...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/03/23 6:16 p.m.5 views

GO-2026-4782 Mattermost Boards Plugin fails to implement authorisation checks on comment block modifications in github.com/mattermost/mattermost-plugin-boards

Mattermost Boards Plugin fails to implement authorisation checks on comment block modifications in github.com/mattermost/mattermost-plugin-boards...

4.3CVSS5.8AI score0.00162EPSS
Exploits1References4
OSV
OSV
added 2026/03/16 3:30 p.m.4 views

GHSA-HF8W-X9H5-5GF9 Mattermost Boards Plugin fails to implement authorisation checks on comment block modifications

Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...

4.3CVSS5.8AI score0.00162EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/16 3:30 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the comment block modification process. An attacker can alter comments created by other users by leveraging editor permissions without proper authorization checks. Remediation Upgrade...

5.3CVSS5.8AI score0.00162EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/16 3:30 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the comment block modification process. An attacker can alter comments created by other users by leveraging editor permissions without proper authorization checks. Remediation Upgrade...

5.3CVSS5.8AI score0.00162EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/16 3:30 p.m.6 views

Mattermost Boards Plugin fails to implement authorisation checks on comment block modifications

Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...

4.3CVSS5.8AI score0.00162EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder