Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/05/18 7:0 a.m.50 views

CVE-2026-6342 Group prefix matching bypass for subscriptions

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via creating groups that share the same prefix as a whitelisted group. Mattermost Advisory ID:...

4.3CVSS0.00152EPSS
Exploits0References1
CVE
CVE
added 2026/05/18 7:0 a.m.25 views

CVE-2026-6342

Mattermost plugins vulnerable to a namespace prefix-matching bypass. Affected: Mattermost Plugins versions

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 3:36 p.m.9 views

CVE-2026-42590 Gotenberg: ExifTool group-prefix syntax bypasses dangerous-tag blocklist

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/07 12:55 a.m.15 views

Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist

Summary The ExifTool metadata write blocklist in Gotenberg v8 can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. This is a bypass of the fix for GHSA-qmwh-9m9c-h36m. Details The blocklist in...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/07 12:55 a.m.14 views

GHSA-7V3R-M9C8-R855 Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist

Summary The ExifTool metadata write blocklist in Gotenberg v8 can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. This is a bypass of the fix for GHSA-qmwh-9m9c-h36m. Details The blocklist in...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References4
Rows per page
Query Builder