3 matches found
SUSE CVE-2025-46702
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...
DRUPAL-CONTRIB-2021-002
The Social User Export module enables users within Open Social to create an export of users and download this to a CSV file. The module doesn't sufficiently check access when building the CSV file, allowing logged-in users without the manage members permission to be able to export all data from a...
Shopify: stored xss in invited team member via email parameter
Hey there, while testing your program I found a stored XSS vulnerability which can be placed by owners or other staff members who have the ability to manage members and it will be triggered by visiting the invited team member page, e.g. https://partners.shopify.com/642416/invitations/15406. Reproduction Steps 1...