Lucene search
K

6 matches found

CVE
CVE
added 2026/07/07 9:18 p.m.14 views

CVE-2026-55418

Summary: CVE-2026-55418 affects FastGPT prior to v4.15.0-beta5, where two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request. The key’s association with the caller’s team is not validated, allowing cross-team file d...

8.6CVSS6AI score0.00299EPSS
Exploits0References4
NVD
NVD
added 2026/05/21 8:16 a.m.16 views

CVE-2026-4055

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

4.3CVSS0.00152EPSS
Exploits0References1
OSV
OSV
added 2026/03/16 12:7 p.m.7 views

CVE-2026-4265 Guest user can upload files without permission across teams

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to validate team-specific uploadfile permissions which allows a guest user to post files in channels where they lack uploadfile permission via uploading files in a team where they have permission and reusing the file...

4.3CVSS6.3AI score0.00218EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.4 views

PT-2025-46871

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.0 through 10.5.11 Mattermost versions 10.11.0 through 10.11.3 Description The software does not properly validate team membership permissions in the Add Channel Member API. This allows users from one team to access use...

4.3CVSS6.2AI score0.00177EPSS
Exploits0References10
SUSE Linux
SUSE Linux
added 2025/06/16 2:54 p.m.4 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching bsc1242006. CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization bsc1230581...

8.5CVSS8.6AI score0.00618EPSS
Exploits3References740
Rapid7 Blog
Rapid7 Blog
added 2025/03/12 1:1 p.m.5 views

Explaining External Network Assessment with Vector Command

Learn how external network assessment works within Vector Command, Rapid7’s continuous red team managed service. Understanding threat exposure management Let’s start by providing some context around where Vector Command fits into a security program and more specifically Continuous Threat Exposure...

7.7AI score
Exploits0
Rows per page
Query Builder