42 matches found

EUVD
added 4 days ago | 5 views

EUVD-2026-40430

Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.create_channel permission can exploit a logic mismatch between existence validation and...

CVSS 7.6 | AI score 5.8 | EPSS 0.00257
Exploits: 0 | References: 3
NVD
added 5 days ago | 6 views

CVE-2026-56249

Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.create_channel permission can exploit a logic mismatch between existence validation and...

CVSS 7.6 | EPSS 0.00257
Exploits: 0 | References: 2
Cvelist
added 5 days ago | 21 views

CVE-2026-56249 Capgo - Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Collision

Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.create_channel permission can exploit a logic mismatch between existence validation and...

CVSS 7.6 | EPSS 0.00257
Exploits: 0 | References: 2
CVE
added 5 days ago | 7 views

CVE-2026-56249

Capgo before 12.128.2 has an authorization bypass in the channel creation endpoint that lets authenticated users overwrite existing channels by reusing names. Attackers with app.create_channel permission can exploit a logic mismatch between existence validation and upsert operations to reassign c...

CVSS 7.6 | AI score 5.8 | EPSS 0.00257
Exploits: 0 | References: 2
OSV
added 2026/03/03 1:29 p.m. | 4 views

BIT-DISCOURSE-2026-27152 Discourse has DM communication-preference bypass when adding members

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding members via Chat::AddUsersToChannel — a user could add targets who have blocked/ignored/muted them to an existing DM channel, bypassing per-recipien...

CVSS 5.3 | AI score 6 | EPSS 0.00158
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 9:33 a.m. | 4 views

CVE-2024-39837

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...

CVSS 5.4 | AI score 7.1 | EPSS 0.00283
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-13769

Malware in sbrugna...

CVSS 4.3 | AI score 4.9 | EPSS 0.00615
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 6 views

EUVD-2024-2667

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.3 | EPSS 0.00283
Exploits: 0 | References: 4
Vulnrichment
added 2025/08/11 6:57 p.m. | 3 views

CVE-2025-8285 Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...

CVSS 4 | AI score 7.1 | EPSS 0.00184
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 8:17 a.m. | 11 views

CVE-2018-21256

An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions for group-message channel creation via the Group message slash command...

CVSS 4.3 | AI score 6.9 | EPSS 0.00615
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/18 12:10 a.m. | 16 views

CVE-2025-47930

Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique...

CVSS 5.3 | AI score 6.9 | EPSS 0.00286
Exploits: 0 | References: 1
CVE
added 2025/05/15 11:17 p.m. | 64 views

CVE-2025-47930

Zulip Server vulnerability CVE-2025-47930 affects versions 10.0–10.2, where the access control for creating certain channel types can be bypassed by creating a private or web-public channel and then changing its privacy to public (and a similar method to create private channels without permission...

CVSS 5.3 | AI score 6.6 | EPSS 0.00286
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2025/05/15 11:17 p.m. | 26 views

CVE-2025-47930 Zulip Server has access control bypass for restrictions on creation of specific channel types

Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique...

CVSS 5.3 | EPSS 0.00286
Exploits: 0 | References: 4
CNNVD
added 2025/05/15 12:00 a.m. | 4 views

Zulip security vulnerability

Zulip is a powerful open-source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in Zulip versions prior to 10.0 to 10.3, which stems from a channel creation permission...

CVSS 5.3 | AI score 6.5 | EPSS 0.00286
Exploits: 0 | References: 5
Vulnrichment
added 2025/05/01 2:10 p.m. | 2 views

CVE-2022-49909

...

AI score 6.9 | EPSS 0.00024
Exploits: 0
CVE
added 2025/05/01 2:10 p.m. | 90 views

CVE-2022-49909

The connected advisories describe CVE-2022-49909 as a Linux kernel Bluetooth L2CAP use-after-free (A2MP) in l2cap_conn_del(). When l2cap_recv_frame() processes data and creates an A2MP channel that is not held, the reference counting can reach 1, and during hci_error_reset(), l2cap_chan_unlock() ...

AI score 6.5 | EPSS 0.00024
Exploits: 0
SUSE CVE
added 2025/02/28 2:23 a.m. | 4 views

SUSE CVE-2024-58009

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc. A NULL sock pointer is passed into l2cap_sock_alloc when it is called from l2cap_sock_new_connection_cb and the error handling paths should also be aware of it. Seemingly a...

CVSS 5.5 | AI score 7.6 | EPSS 0.00193
Exploits: 0 | References: 15
Microsoft CVE
added 2025/01/29 8:00 a.m. | 4 views

drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new()

...

CVSS 5.5 | AI score 6.9 | EPSS 0.00201
Exploits: 0
OSV
added 2024/12/29 12:15 p.m. | 1 views

DEBIAN-CVE-2024-56752

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new. When the call to gf100_grctx_generate fails, unlock gr->fecs.mutex before returning the error. Fixes smatch warning: drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c:480...

CVSS 5.5 | AI score 5.7 | EPSS 0.00201
Exploits: 0 | References: 1
OSV
added 2024/09/05 7:14 p.m. | 10 views

BIT-MATTERMOST-2024-39837

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...

CVSS 5.4 | AI score 4.9 | EPSS 0.00283
Exploits: 0 | References: 2