36 matches found
EUVD-2025-206979
Mattermost versions 10.11.x = 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...
TMS code-related vulnerabilities
TMS is a channel-based team communication and collaboration tool developed by Weicheng’s individual developers, along with a lightweight task board. Versions of TMS 2.28.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter url in the...
TMS 代码注入漏洞
TMS is a channel-based team communication and collaboration + lightweight task dashboard by weicheng individual developers. A code injection vulnerability exists in TMS 2.28.0 and earlier versions, which stems from the incorrect operation of the parameter content in the file...
EUVD-2024-22950
Malicious code in bioql PyPI...
EUVD-2024-2149
Malicious code in bioql PyPI...
CVE-2024-5710
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...
CVE-2022-1967
The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it coul...
CVE-2025-3446 Members Without Guest Invite Permissions Can Add Guests to Teams
Mattermost versions 10.6.x = 10.6.1, 10.5.x = 10.5.2, 10.4.x = 10.4.4, 9.11.x = 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team...
CVE-2024-58071
In the Linux kernel, the following vulnerability has been resolved: team: prevent adding a device which is already a team device lower Prevent adding a device which is already a team device lower, e.g. adding veth0 if vlan1 was already added and veth0 is a lower of vlan1. This is not useful in...
CVE-2024-25632
eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The...
litellm vulnerable to improper access control in team management
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...
GHSA-QQCV-VG9F-5RR3 litellm vulnerable to improper access control in team management
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...
CVE-2024-5710
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...
CVE-2024-5710
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...
CVE-2024-5714 Improper Access Control in lunary-ai/lunary
In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...
CVE-2024-5714 Improper Access Control in lunary-ai/lunary
In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...
CVE-2024-5710 Improper Access Control in Team Management in berriai/litellm
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...
CVE-2024-5710
CVE-2024-5710 affects berriai/litellm version 1.34.34. The issue is an improper access control in the Team Management feature, caused by insufficient access control checks across various endpoints. This enables unauthorized actors to perform actions such as creating, updating, viewing, deleting, ...
CVE-2024-5710 Improper Access Control in Team Management in berriai/litellm
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...
PT-2024-37087 · Unknown · Berriai/Litellm
Name of the Vulnerable Software and Affected Versions: berriai/litellm version 1.34.34 Description: The issue is related to improper access control in the team management functionality, allowing attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and...