42 matches found
EUVD-2026-40430
Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.createchannel permission can exploit a logic mismatch between existence validation and...
CVE-2026-56249
Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.createchannel permission can exploit a logic mismatch between existence validation and...
CVE-2026-56249 Capgo - Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Collision
Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.createchannel permission can exploit a logic mismatch between existence validation and...
CVE-2026-56249
Capgo before 12.128.2 has an authorization bypass in the channel creation endpoint that lets authenticated users overwrite existing channels by reusing names. Attackers with app.create_channel permission can exploit a logic mismatch between existence validation and upsert operations to reassign c...
BIT-DISCOURSE-2026-27152 DIscourse has DM communication-preference bypass when adding members
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding members via Chat::AddUsersToChannel — a user could add targets who have blocked/ignored/muted them to an existing DM channel, bypassing per-recipien...
CVE-2024-39837
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...
EUVD-2018-13769
Malware in sbrugna...
EUVD-2024-2667
Malicious code in bioql PyPI...
CVE-2025-8285 Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...
CVE-2018-21256
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions for group-message channel creation via the Group message slash command...
CVE-2025-47930
Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique...
CVE-2025-47930
Zulip Server vulnerability CVE-2025-47930 affects versions 10.0–10.2, where the access control for creating certain channel types can be bypassed by creating a private or web-public channel and then changing its privacy to public (and a similar method to create private channels without permission...
CVE-2025-47930 Zulip Server has access control bypass for restrictions on creation of specific channel types
Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique...
Zulip 安全漏洞
Zulip is a powerful open-source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in Zulip versions prior to 10.0 to 10.3, which stems from a channel creation permission...
CVE-2022-49909
...
CVE-2022-49909
The connected advisories describe CVE-2022-49909 as a Linux kernel Bluetooth L2CAP use-after-free (A2MP) in l2cap_conn_del(). When l2cap_recv_frame() processes data and creates an A2MP channel that is not held, the reference counting can reach 1, and during hci_error_reset(), l2cap_chan_unlock() ...
SUSE CVE-2024-58009
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: handle NULL sock pointer in l2capsockalloc A NULL sock pointer is passed into l2capsockalloc when it is called from l2capsocknewconnectioncb and the error handling paths should also be aware of it. Seemingly a...
drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new()
...
DEBIAN-CVE-2024-56752
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/gr/gf100: Fix missing unlock in gf100grchannew When the call to gf100grctxgenerate fails, unlock gr-fecs.mutex before returning the error. Fixes smatch warning: drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c:480...
BIT-MATTERMOST-2024-39837
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...