Lucene search
+L

15151 matches found

Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48937

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.6.0 through 11.6.1 Mattermost versions 11.5.0 through 11.5.4 Mattermost versions 10.11.0 through 10.11.16 Description An issue exists where the system fails to enforce the PermissionInviteUser check when setting...

4.3CVSS5.9AI score0.00152EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.28 views

PT-2026-48954

Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...

4.3CVSS5.3AI score0.00183EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.20 views

PT-2026-48874

Name of the Vulnerable Software and Affected Versions n8n-mcp versions prior to 2.56.1 Description An authorization flaw exists in multi-tenant HTTP mode when ENABLE MULTI TENANT is set to true. This allows authenticated tenants to read and delete workflow version backups belonging to other...

9.9CVSS6.1AI score0.00389EPSS
Exploits0References11
GithubExploit
GithubExploit
added 2026/06/10 7:49 a.m.111 views

The-Full-Attack-Chain

⚔️ The Full Attack Chain — Capstone Red Team Engagement Int...

10CVSS7.9AI score0.96184EPSS
Exploits36
GithubExploit
GithubExploit
added 2026/06/07 5:19 p.m.118 views

HackTheBox

HackTheBox — Writeups, Tooling & Exploitation Pipelines A wor...

10CVSS7.6AI score0.99562EPSS
Exploits397
GithubExploit
GithubExploit
added 2026/06/07 3:50 p.m.85 views

kaido-waf

⚔️ Kaido WAF Web Application Firewall do Kaido Red Team...

6AI score
Exploits0
OSV
OSV
added 2026/06/05 8:35 p.m.12 views

GHSA-C3QP-2GGW-XJG7 Shopper: Authorization bypass and RBAC privilege escalation in team settings

Impact Two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system: - Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public actions to create new roles and delete other users,...

9.9CVSS5.6AI score0.00321EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/05 8:35 p.m.22 views

Shopper: Authorization bypass and RBAC privilege escalation in team settings

Impact Two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system: - Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public actions to create new roles and delete other users,...

9.9CVSS5.7AI score0.00321EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-41498

Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use IsGranted'editteam' instead of IsGranted'edit', 'team', causing Symfony TeamVoter to abstain from voting. This removes entity-level ownership checks on team operations, allowing any user with th...

3.3CVSS5.4AI score0.00247EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-42526

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.3CVSS5.4AI score0.00413EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-4286

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

4.3CVSS5.4AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.10 views

CVE-2025-68060

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPMart Team Member allows Blind SQL Injection. This issue affects Team Member: from n/a through 8.5...

7.6CVSS5.6AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.10 views

CVE-2025-62745

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Team Showcase allows Stored XSS. This issue affects Team Showcase: from n/a through 1.22.28...

6.5CVSS5.4AI score0.00171EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-3636

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allows a user without permissions to get data about team members roles via invoking various team API...

4.3CVSS5.4AI score0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.15 views

CVE-2026-9526

A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/editteam.php. The manipulation of the argument numid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be use...

7.5CVSS7AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.11 views

CVE-2026-27349

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5...

4.3CVSS5.5AI score0.00171EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.13 views

CVE-2026-45264

Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...

4.3CVSS5.3AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.13 views

CVE-2026-4055

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

4.3CVSS5.5AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40603

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

6.5CVSS5.4AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.18 views

CVE-2026-47744

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...

9.9CVSS5.6AI score0.00321EPSS
Exploits0References1
Rows per page
Query Builder