CVE-2026-4055

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

CVE-2026-4265

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to validate team-specific uploadfile permissions which allows a guest user to post files in channels where they lack uploadfile permission via uploading files in a team where they have permission and reusing the file...

PT-2025-46871

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.0 through 10.5.11 Mattermost versions 10.11.0 through 10.11.3 Description The software does not properly validate team membership permissions in the Add Channel Member API. This allows users from one team to access use...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching bsc1242006. CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization bsc1230581...

Explaining External Network Assessment with Vector Command

Learn how external network assessment works within Vector Command, Rapid7’s continuous red team managed service. Understanding threat exposure management Let’s start by providing some context around where Vector Command fits into a security program and more specifically Continuous Threat Exposure...