13 matches found
CVE-2026-49097 Apache Camel: Camel-IRC: The irc.sendTo (and other irc.*) Exchange header constants used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to redirect outgoing IRC messages to arbitrary channels or users
Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...
GO-2026-4519 Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels in github.com/mattermost/mattermost-plugin-zoom
Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels in github.com/mattermost/mattermost-plugin-zoom...
GHSA-2PHX-FRHF-XR55 Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...
CVE-2026-0997
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...
CVE-2026-0997 Mattermost Zoom Plugin channel preference API lacks authorization checks
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to inadequate validation when shared channels are enabled, allowing an attacker to create, update, or delete arbitrary posts in arbitrary channels...
GO-2024-3023 Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server...
GHSA-VG67-CHM7-8M3J Mattermost allows remote actor to create/update/delete posts in arbitrary channels
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...
CVE-2024-39837 Malicious remote can create arbitrary channels
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...
PT-2024-28692 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.9.x through 9.9.0 Mattermost versions 9.5.x through 9.5.6 Description: The issue is related to the improper restriction of channel creation, allowing a malicious remote user to create arbitrary channels when shared...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from a failure to properly restrict channel creation when shared channels are enabled, which allows a malicious remote person to create arbitrar...
PT-2024-29293 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.9.x through 9.9.0 Mattermost versions 9.5.x through 9.5.6 Mattermost versions 9.7.x through 9.7.5 Mattermost versions 9.8.x through 9.8.1 Description: The issue arises from the failure to properly validate synced posts...
DEBIAN-CVE-2019-11783
Improper access control in mail module channel partners in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited...