Lucene search
K

6 matches found

Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51412

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A rate limit bypass exists in the 'channel self' endpoint. Attackers can circumvent rate limiting by rotating the user-controlled device id parameter, enabling them to send multiple requests per...

8.8CVSS5.8AI score0.00271EPSS
Exploits0References7
Snyk
Snyk
added 2025/10/16 9:30 a.m.1 views

Incorrect Authorization

Overview github.com/mattermost/mattermost-server is an open source Slack-alternative in Golang and React. Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/channels/channelid/members endpoint. An attacker can gain unauthorized access to add any team membe...

4.3CVSS7AI score0.00302EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/13 7:31 p.m.2 views

CVE-2025-52931

Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body...

7.5CVSS7.2AI score0.00335EPSS
Exploits0References1
OSV
OSV
added 2025/08/11 9:31 p.m.4 views

GHSA-VC77-C2HX-H5X2 Mattermost Confluence Plugin has Improper Check for Unusual or Exceptional Conditions

Mattermost Confluence Plugin versions 1.5.0 fails to handle unexpected request bodies, allowing attackers to crash the plugin via constant hits to the update channel subscription endpoint with an invalid request body...

7.5CVSS7AI score0.00335EPSS
Exploits0References3
OSV
OSV
added 2025/08/11 9:31 p.m.5 views

GHSA-V6C8-G53H-MC2H Mattermost Confluence Plugin has Missing Authorization vulnerability

Mattermost Confluence Plugin versions 1.5.0 fail to check user access to the channel, allowing attackers to create a channel subscription without proper access to the channel via an API call to the edit channel subscription endpoint...

4CVSS6.9AI score0.00196EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/06/18 11:1 a.m.9 views

CVE-2022-50044

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: start MHI channel after endpoit creation MHI channel may generates event/interrupt right after enabling. It may leads to 2 race conditions issues. 1 Such event may be dropped by qcommhiqrtrdlcallback at check: if !qdev...

4.7CVSS5.1AI score0.00112EPSS
Exploits0
Rows per page
Query Builder