Lucene search
+L

385 matches found

SUSE CVE
SUSE CVE
added 2025/04/24 3:24 a.m.6 views

SUSE CVE-2025-24866

Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...

2.7CVSS4AI score0.00278EPSS
Exploits0References3
OSV
OSV
added 2025/04/22 4:56 p.m.10 views

GO-2025-3604 Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint in github.com/mattermost/mattermost-server

Mattermost Fails to Enforce Proper Access Controls on /api/v4/audits Endpoint in github.com/mattermost/mattermost-server...

2.7CVSS6.7AI score0.00278EPSS
Exploits0References3
Snyk
Snyk
added 2025/04/10 6:32 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access controls, despite not having the required permissions for Compliance Monitoring. Remediation...

5.1CVSS7AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/10 6:32 p.m.3 views

Incorrect Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access control...

5.1CVSS6.9AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/10 6:32 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access controls, despite not having the required permissions for Compliance Monitoring. Remediation...

5.1CVSS4.2AI score0.00278EPSS
Exploits0References2
OSV
OSV
added 2025/04/10 3:33 p.m.6 views

CVE-2025-24866 Unauthorized Access to User Activity Logs API by delegated granular administration roles

Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...

2.7CVSS5.9AI score0.00278EPSS
Exploits0References3
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2025/03/19 12:0 a.m.39 views

Stable Channel Update for Desktop

The Stable channel has been updated to 134.0.6998.117/.118 for Windows, Mac and 134.0.6998.117 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Extended stable channel has been updated to 134.0.6998.118 for Win/Mac and will ro...

8.8CVSS9.3AI score0.00791EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/03/13 12:0 a.m.4 views

Issuetrak 安全漏洞

Issuetrak is an issue tracking software from Issuetrak, Inc. A security vulnerability exists in Issuetrak v17.2.2 and prior versions, which stems from an insecure direct object reference in the auditing component that could lead to a low-privileged user accessing another user's audit results,...

7.7CVSS6.4AI score0.00306EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/03/03 12:0 a.m.4 views

openSUSE Security Advisory (openSUSE-SU-2025:0077-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References3
OSV
OSV
added 2025/02/27 10:18 a.m.5 views

OPENSUSE-SU-2025:0077-1 Security update for chromium

This update for chromium fixes the following issues: Chromium 133.0.6943.141 boo1237699: This update includes 1 security fix. Various fixes from internal audits, fuzzing and other initiatives - fix build with qt6 and enable qt6 also for 15.x...

7.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/27 12:0 a.m.3 views

PT-2025-19433 · Opensuse +1 · Chromium

Name of the Vulnerable Software and Affected Versions: Chromium version 133.0.6943.141 Description: This update addresses a security issue identified through internal audits and fuzzing. The update includes fixes from these initiatives. Recommendations: Update to Chromium version 133.0.6943.141...

7.3AI score
Exploits0References3
Qualys Blog
Qualys Blog
added 2025/02/18 4:0 p.m.14 views

Securing Dynamic Cloud Environments: Best Practices for Comprehensive Scanning

As organizations increasingly adopt cloud-native development, the complexity of securing dynamic environments continues to grow. Vulnerability scanning remains a cornerstone of cloud security, enabling organizations to identify and address risks effectively. However, with the increasing prevalenc...

8AI score
Exploits0
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2025/01/28 12:0 a.m.46 views

Stable Channel Update for Desktop

The Stable channel has been updated to 132.0.6834.159/160 for Windows, Mac and 132.0.6834.159 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. The extended stable channel has been updated to 132.0.6834.160 Windows, Mac and wil...

8.8CVSS7.8AI score0.00339EPSS
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/01/24 9:8 a.m.5 views

Malicious code in ig-lighthouse-security-audits (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 226acd90be6fefc4cd12da9d6b73604ee919205ed49e1e44f5d336b5576c3717 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/01/24 9:8 a.m.5 views

MAL-2025-575 Malicious code in ig-lighthouse-security-audits (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 226acd90be6fefc4cd12da9d6b73604ee919205ed49e1e44f5d336b5576c3717 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2025/01/07 12:0 a.m.38 views

Stable Channel Update for Desktop

The Stable channel has been updated to 131.0.6778.264/.265 for Windows, Mac and 131.0.6778.264 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

8.8CVSS7.1AI score0.07435EPSS
Exploits1Affected Software1
The Hacker News
The Hacker News
added 2024/12/30 12:43 p.m.10 views

New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits

The United States Department of Health and Human Services' HHS Office for Civil Rights OCR has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/12/10 12:0 a.m.6 views

PT-2024-9874 · Pwndoc · Pwndoc

Name of the Vulnerable Software and Affected Versions: PwnDoc versions up to and including 0.5.3 Description: The issue is related to insufficient input validation in the audits interface of the PwnDoc tool, which can be exploited by an authenticated user to crash the backend by raising an...

6.8CVSS6.7AI score0.00594EPSS
Exploits1References8
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2024/12/10 12:0 a.m.23 views

Stable Channel Update for Desktop

The Stable channel has been updated to 131.0.6778.139/.140 for Windows, Mac and 131.0.6778.139 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

8.8CVSS7.4AI score0.04071EPSS
Exploits2Affected Software1
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2024/12/03 12:0 a.m.34 views

Stable Channel Update for Desktop

The Stable channel has been updated to 131.0.6778.108/.109 for Windows, Mac and 131.0.6778.108 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

8.8CVSS7.3AI score0.00862EPSS
Exploits0Affected Software1
Rows per page
Query Builder