12 matches found
CVE-2026-6341 Incomplete group locking implementation
Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multiple groups to create issues to a locked group via direct API requests. Mattermost Advisory ID:...
Mattermost Plugins 安全漏洞
Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions 11.5, 11.1.5, 10.13.11, and 11.3.4.0 of Mattermost Plugins contain security vulnerabilities. These...
WordPress BuddyTask plugin <= 1.3.0 - Missing Authorization to Authenticated (Subscriber+) Cross-Group Task Board Access and Manipulation vulnerability
Missing Authorization to Authenticated Subscriber+ Cross-Group Task Board Access and Manipulation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin BuddyTask versions = 1.3.0...
Linux Distros Unpatched Vulnerability : CVE-2023-6955
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to...
UBUNTU-CVE-2025-5121
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Execution of arbitrary code User Rights - Execution of arbitrary code System Rights - Obtaining...
CVE-2023-6955
A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group...
UBUNTU-CVE-2023-6955
A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group...
PT-2023-8248 · Gitlab · Gitlab Remote Development +1
Name of the Vulnerable Software and Affected Versions: GitLab Remote Development versions prior to 16.5.6 GitLab Remote Development version 16.6 prior to 16.6.4 GitLab Remote Development version 16.7 prior to 16.7.2 Description: The issue is related to improper access control in GitLab Remote...
OESA-2023-1413 kubernetes security update
Container cluster management. Security Fixes: Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are...
IBM Sterling B2B Integrator 安全漏洞
IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. An elevation of privilege...
lpextranet.southerncrossgroup.com XSS vulnerability
Open Bug Bounty ID: OBB-616127 Description| Value ---|--- Affected Website:| lpextranet.southerncrossgroup.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6...