38 matches found
BIT-DISCOURSE-2026-27152 Discourse has DM communication-preference bypass when adding members
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding members via Chat::AddUsersToChannel — a user could add targets who have blocked/ignored/muted them to an existing DM channel, bypassing per-recipien...
CVE-2024-39837
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...
EUVD-2018-13769
Malware in sbrugna...
EUVD-2024-2667
Malicious code in bioql PyPI...
CVE-2025-8285 Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...
CVE-2018-21256
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions for group-message channel creation via the Group message slash command...
CVE-2025-47930
Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique...
CVE-2025-47930 Zulip Server has access control bypass for restrictions on creation of specific channel types
Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique...
CVE-2025-47930
Zulip Server vulnerability CVE-2025-47930 affects versions 10.0–10.2, where the access control for creating certain channel types can be bypassed by creating a private or web-public channel and then changing its privacy to public (and a similar method to create private channels without permission...
Zulip security vulnerability
Zulip is a powerful open-source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in Zulip versions prior to 10.0 to 10.3, which stems from a channel creation permission...
CVE-2022-49909
...
CVE-2022-49909
The connected advisories describe CVE-2022-49909 as a Linux kernel Bluetooth L2CAP use-after-free (A2MP) in l2cap_conn_del(). When l2cap_recv_frame() processes data and creates an A2MP channel that is not held, the reference counting can reach 1, and during hci_error_reset(), l2cap_chan_unlock() ...
SUSE CVE-2024-58009
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc A NULL sock pointer is passed into l2cap_sock_alloc when it is called from l2cap_sock_new_connection_cb and the error handling paths should also be aware of it. Seemingly a...
drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new()
...
DEBIAN-CVE-2024-56752
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() When the call to gf100_grctx_generate fails, unlock gr->fecs.mutex before returning the error. Fixes smatch warning: drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c:480...
BIT-MATTERMOST-2024-39837
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is caused due to a failure to properly restrict channel creation. This allows a malicious remote user to create arbitrary channels, when shared channels were enabled...
GO-2024-3032 Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server...
Mattermost did not properly restrict channel creation
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...
GHSA-VVPG-55P7-5H8W Mattermost did not properly restrict channel creation
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...