24 matches found
CVE-2026-26230 Team Admin Privilege Escalation to Demote Members to Guest
Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531...
EUVD-2026-8828
Fleet: Authorization Bypass in certificate template batch deletion for team administrators...
CVE-2026-25963
Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...
CVE-2026-25963 Fleet: Authorization Bypass in certificate template batch deletion for team administrators
Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...
CVE-2026-25963
Fleet is an open source device management platform. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could let a team administrator delete certificate templates belonging to other teams within the same Fleet instance. The affected flow validat...
CVE-2026-25963 Fleet: Authorization Bypass in certificate template batch deletion for team administrators
Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...
CVE-2025-14573
Mattermost advisory MMSA-2025-00561 describes a vulnerability in Mattermost versions 10.11.x ≤ 10.11.9 where invite permissions are not enforced when updating team settings. This allows team administrators lacking proper permissions to bypass restrictions and add users to their team via API reque...
SUSE CVE-2016-11080
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details...
GO-2025-4063 Mattermost Server exposes account details to any Team Administrator in github.com/mattermost/mattermost-server
Mattermost Server exposes account details to any Team Administrator in github.com/mattermost/mattermost-server...
EUVD-2016-2069
Malware in sbrugna...
CVE-2025-3913
Mattermost Server vulnerability CVE-2025-3913 affects versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, and 9.11.x
CVE-2016-11080
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details...
CVE-2024-54682
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin...
CVE-2024-25632 Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances
eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The...
PT-2024-21052 · Elabftw · Elabftw
Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.1.0 Description: The issue allows a regular user to become an administrator of a team where they are a member, under a reasonable configuration. In versions subsequent to v5.0.0, it may also allow an initially...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 9.5.x through 9.5.3 and 8.1.x through 8.1.12, which stems from the presence of an issue where a team administrator can promote a guest to a team...
Mattermost Information Disclosure Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from allowing an attacker with team administrator privileges to learn the team owner's email address in a response...
GHSA-G3F3-P9RC-775P Mattermost Server exposes account details to any Team Administrator
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details...
Mattermost Server exposes account details to any Team Administrator
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details...
UBUNTU-CVE-2022-24841
fleetdm/fleet is an open source device management platform built on osquery. All versions of fleet making use of the teams feature are affected by this authorization bypass issue. Fleet instances without teams, or with teams but without restricted team accounts, are not affected. In affected versions a te...