15 matches found
EUVD-2026-36582
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus...
Practical Quantum Teleportation with Finite-Energy Codebooks
Quantum communication exploits non-classical correlations to achieve efficient and unconditionally secure exchange of information. In particular, the quantum teleportation protocol allows for a deterministic and secure transfer of unknown quantum states by using pre-shared quantum entanglement an...
EUVD-2022-34671
Malicious code in bioql PyPI...
EUVD-2025-28135
Malicious code in bioql PyPI...
PT-2025-31649
Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 1.3.9. Description: Cursor, an AI-powered code editor, had a flaw that allowed writing files in the workspace without user approval in versions prior to 1.3.9. If a sensitive MCP file, such as .cursor/mcp.json, did not...
Mattermost Improper Access Control Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an Improper Access Control vulnerability that stems from a failure to properly enforce access control, which can be exploited by an attacker to view metadata about members of a public...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to insufficient enforcement of access restrictions, which allows guest users to access metadata about members of public channels via the channel members API endpoint...
Mattermost fails to properly enforce access controls for guest users
Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members API endpoint...
CVE-2025-1792 Improper Access Control in Mattermost Channel Member API
Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members API endpoint...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an Improper Access Control vulnerability that stems from a failure to properly enforce access control, which can be exploited by an attacker to view metadata about members of a public...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from an unenforced channel switching restriction that allows a member with privileges to switch a public channel to a private channel or a priva...
CVE-2024-34152
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper access control, which allows a guest to get the metadata of a public playbook run that is linked to the channel they are a guest in by sending an RHSRuns GraphQL query request to the server...
CVE-2024-1887 Public channel post content accessible without membership when compliance export is enabled
Mattermost fails to check if compliance export is enabled when fetching posts of public channels, allowing a user who is not a member of the public channel to fetch the posts, which will not be audited in the compliance export...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a failure to check if compliance export is enabled when fetching posts from a public channel, allowing users who are not members of...
Mattermost: Privilege Escalation leading to post in channel without having privilege
Hi H1, mattermost.cloud has a feature of making a channel, and once it's set to public any other user can join the channel and post comments on that channel. In System Console -- Channel -- Permission channel owner can assign whether member can post comment or not. Once channel owner selects that...