
83 matches found

EUVD
added 3 days ago | 6 views

EUVD-2026-40439

Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously, while unnamed /updates requests without defaultChannel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create ambiguous default update stat...

CVSS 7.1 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 3

NVD
added 4 days ago | 8 views

CVE-2026-56328

Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously, while unnamed /updates requests without defaultChannel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create ambiguous default update stat...

CVSS 7.1 | EPSS 0.00247
Exploits: 0 | References: 2

CVE
added 4 days ago | 6 views

CVE-2026-56328

Capgo before 12.128.2 is affected by an integrity issue where multiple public channels for the same app/platform can coexist, and unnamed /updates requests without a defaultChannel may resolve to a hidden winner channel. An authorized app or channel manager can create an ambiguous default update ...

CVSS 7.1 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 2

Cvelist
added 4 days ago | 22 views

CVE-2026-56328 Capgo - Integrity Issue in Release Routing via Multiple Public Channels

Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously, while unnamed /updates requests without defaultChannel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create ambiguous default update stat...

CVSS 7.1 | EPSS 0.00247
Exploits: 0 | References: 2

EUVD
added 2026/06/22 9:4 p.m. | 6 views

EUVD-2026-38373

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channelself endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary...

CVSS 8.7 | AI score 5.9 | EPSS 0.00379
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: Fixed an issue where the client_count variable was incremented twice for public channels when dma_chan_get was called for a channel. This occurred first in balance_ref_count, and again before returning. As a result, the...

CVSS 7.8 | AI score 6.3 | EPSS 0.00219
Exploits: 0 | References: 2

NVD
added 2026/06/12 9:16 p.m. | 10 views

CVE-2026-44786

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus...

CVSS 7.5 | EPSS 0.00259
Exploits: 0 | References: 1

CVE
added 2026/06/12 8:22 p.m. | 23 views

CVE-2026-44786

CVE-2026-44786 affects Discourse: versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1 allow chat events from public category channels to be published to MessageBus without proper permission scoping, enabling any MessageBus subscr...

CVSS 7.5 | AI score 5.3 | EPSS 0.00259
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/06/12 8:22 p.m. | 31 views

CVE-2026-44786 Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus...

CVSS 7.5 | EPSS 0.00259
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/12 12:0 a.m. | 15 views

PT-2026-48983

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description Chat events for public category channels are published to the MessageBus without permission scoping. This allows any MessageBus...

CVSS 7.5 | AI score 5.3 | EPSS 0.00259
Exploits: 0 | References: 6

Snyk
added 2026/05/08 7:50 p.m. | 11 views

Incorrect Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Incorrect Authorization in the setaccessgrants process. An attacker can override administrative access controls by submitting arbitrary access grants, including wildcard grants, which are persisted without...

CVSS 5.4 | AI score 5.9 | EPSS 0.0019
Exploits: 1 | References: 2

SUSE CVE
added 2026/03/28 6:28 p.m. | 4 views

SUSE CVE-2026-2458

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint. Mattermost Advisory ID:...

CVSS 4.3 | AI score 5.9 | EPSS 0.00165
Exploits: 0 | References: 3

OSV
added 2026/03/23 6:14 p.m. | 4 views

GO-2026-4729 Mattermost allows a removed team member to enumerate all public channels within a private team in github.com/mattermost/mattermost-server

Mattermost allows a removed team member to enumerate all public channels within a private team in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causi...

CVSS 4.3 | AI score 5.8 | EPSS 0.00165
Exploits: 0 | References: 4

Github Security Blog
added 2026/03/16 3:30 p.m. | 12 views

Mattermost allows a removed team member to enumerate all public channels within a private team

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint. Mattermost Advisory ID:...

CVSS 4.3 | AI score 5.8 | EPSS 0.00165
Exploits: 0 | References: 4 | Affected Software: 2

Snyk
added 2026/03/16 3:30 p.m. | 2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the channel search API endpoint. An attacker can access information about all public channels within a private team by querying the API after being removed from the team. Remediation Upgrade...

CVSS 5.3 | AI score 5.8 | EPSS 0.00165
Exploits: 0 | References: 2

Snyk
added 2026/03/16 3:30 p.m. | 2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the channel search API endpoint. An attacker can access information about all public channels within a private team by querying the API after being removed from the team. Remediation Upgrade...

CVSS 5.3 | AI score 5.8 | EPSS 0.00165
Exploits: 0 | References: 2

OSV
added 2026/03/16 3:30 p.m. | 3 views

GHSA-679F-WMRG-QF57 Mattermost allows a removed team member to enumerate all public channels within a private team

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint. Mattermost Advisory ID:...

CVSS 4.3 | AI score 5.8 | EPSS 0.00165
Exploits: 0 | References: 4

OSV
added 2026/03/16 2:19 p.m. | 4 views

CVE-2026-2458

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint. Mattermost Advisory ID:...

CVSS 4.3 | AI score 5.9
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/16 11:27 a.m. | 4 views

CVE-2026-2458 Unauthorized channel enumeration in private teams after member removal

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint. Mattermost Advisory ID:...

CVSS 4.3 | AI score 5.8 | EPSS 0.00165
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/16 11:27 a.m. | 6 views

CVE-2026-2458

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint. Mattermost Advisory ID:...

CVSS 4.3 | AI score 5.8 | EPSS 0.00165
Exploits: 0 | References: 2 | Affected Software: 1