GO-2025-3905 Mattermost Does Not Sanitize the Team Invite ID in github.com/mattermost/mattermost-server

Mattermost Does Not Sanitize the Team Invite ID in github.com/mattermost/mattermost-server...

Linux Distros Unpatched Vulnerability : CVE-2021-21375

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN,...

Linux Distros Unpatched Vulnerability : CVE-2021-22243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain...

Linux Distros Unpatched Vulnerability : CVE-2022-1981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab,...

CVE-2025-47870

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows an team admin with no member invite privileges to get the team’s invite id...

GHSA-QJ47-W9F2-QG44 Mattermost Does Not Sanitize the Team Invite ID

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows an team admin with no member invite privileges to get the team’s invite id...

Mattermost Does Not Sanitize the Team Invite ID

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows an team admin with no member invite privileges to get the team’s invite id...

CVE-2025-47870

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows an team admin with no member invite privileges to get the team’s invite id...

CVE-2025-47870

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows an team admin with no member invite privileges to get the team’s invite id...

CVE-2025-47870 Team invite ID leaked to team admin with no member invite privileges

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows an team admin with no member invite privileges to get the team’s invite id...

CVE-2025-47870

Mattermost Server contains a vulnerability where the team invite ID is not sanitized in the POST /api/v4/teams/:teamId/restore endpoint. Affected versions include Mattermost Server 9.11.x <= 9.11.17, 10.5.x <= 10.5.8, 10.8.x <= 10.8.3, and 10.9.x

CVE-2025-47870 Team invite ID leaked to team admin with no member invite privileges

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows an team admin with no member invite privileges to get the team’s invite id...

PT-2025-34200 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.8 Mattermost versions 9.11.x through 9.11.17 Mattermost versions 10.8.x through 10.8.3 Mattermost versions 10.9.x through 10.9.2 Description: The Mattermost application fails to sanitize the team invite...

Linux Distros Unpatched Vulnerability : CVE-2020-28242

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk befo...

Linux Distros Unpatched Vulnerability : CVE-2018-7286

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. respjsip allows...

Linux Distros Unpatched Vulnerability : CVE-2020-13280

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. CVE-2020-13280 Note that...

Netflix scammers target jobseekers to trick them into handing over their Facebook logins

In what seems a phishing attack targeted at a certain audience, scammers are impersonating Netflix and reaching out to marketing staff. The initial mail looks like what you might expect from a headhunter or a human resources HR recruitment specialist. "I hope this note finds you well," the email...

PT-2025-33041 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.7 through 18.0.5 GitLab CE/EE versions 18.1 through 18.1.3 GitLab CE/EE versions 18.2 through 18.2.1 Description: The issue allows authenticated users with specific roles and permissions to delete issues, including...

Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home

For likely the first time ever, security researchers have shown how AI can be hacked to create real world havoc, allowing them to turn off lights, open smart shutters, and more...

SUSE CVE-2025-6227

Mattermost versions 10.5.x = 10.5.7, 9.11.x = 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...