5320 matches found
PT-2025-47050
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.7 through 18.3.6 GitLab CE/EE versions 18.4 through 18.4.4 GitLab CE/EE versions 18.5 through 18.5.2 Description A flaw exists in GitLab CE/EE that could allow a blocked user to access sensitive information. This is...
Brightpick Mission Control 安全漏洞
Brightpick Mission Control is a centralized control platform for mission management from Brightpick USA. A security vulnerability exists in Brightpick Mission Control that originates from the disclosure of device telemetry, configuration, and credential information to unauthenticated users via...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability in GitLab CE and EE versions 16.7 through 18.3.6 prio...
CVE-2025-64309
Brightpick Mission Control is affected. Multiple sources (NVD, Red Hat, CVE lists, and security advisories) describe a vulnerability where an unauthenticated user can access a WebSocket URL and exfiltrate device telemetry, configuration data, and credentials. The unauthenticated URL can be discov...
CVE-2025-64309 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...
EUVD-2025-197664
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...
CVE-2025-64309 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...
GHSA-XPG8-8XPV-948P Mattermost does not enforce MFA on WebSocket connections
Mattermost versions 11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events...
Mattermost does not enforce MFA on WebSocket connections
Mattermost versions 11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of multi-factor authentication enforcement in WebSocket connections. An attacker can gain unauthorized access to sensitive information by establishing a WebSocket connection...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of multi-factor authentication enforcement in WebSocket connections. An attacker can gain unauthorized access to sensitive information by establishing a WebSocket connection...
CVE-2025-55070
Mattermost versions 11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events...
CVE-2025-55070
Mattermost versions 11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events...
CVE-2025-55070 Lack of MFA enforcement in WebSocket connections
Mattermost versions 11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events...
EUVD-2025-186556
Mattermost versions 11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events...
CVE-2025-55070 Lack of MFA enforcement in WebSocket connections
Mattermost versions 11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events...
CVE-2025-55070
CVE-2025-55070 affects Mattermost Server versions
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in versions prior to Mattermost 11 that stems from a WebSocket connection that does not enforce multi-factor authentication, which could result in an unauthenticated use...
PT-2025-46947
Name of the Vulnerable Software and Affected Versions Mattermost versions prior to 11 Description Mattermost versions before 11 do not enforce multi-factor authentication on WebSocket connections. This allows unauthenticated users to access sensitive information through WebSocket events...
PT-2025-47031
Name of the Vulnerable Software and Affected Versions Brightpick Mission Control affected versions not specified Description Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users connecting to a specific URL...