39 matches found
CVE-2026-56328 Capgo - Integrity Issue in Release Routing via Multiple Public Channels
Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously, while unnamed /updates requests without defaultChannel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create ambiguous default update stat...
CVE-2026-43410 firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled
In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...
Linux Distros Unpatched Vulnerability : CVE-2026-23461
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: Fix use-after-free in l2capunregisteruser After commit ab4eedb790ca Bluetooth: L2CAP: Fix corrupted list in hcichandel, l2capconndel uses...
SQL injection vulnerability in U8+ Channel Management (Advanced Edition) at UFIDA Network Technology Co. Ltd (CNVD-C-2025-1245200)
U8+ Channel Management Advanced Edition is a set of channel management software, together with U8+ supply chain system and financial system, extending the enterprise management radius from the internal enterprise to the distribution channels and sales terminals. A SQL injection vulnerability exis...
kernel: Bluetooth: L2CAP: Fix user-after-free
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2capchanholdunlesszero after calling l2capgetchanblah to prevent the following trace: Bluetooth: l2capcore.c:static void l2capchandestroystruct kref kref Bluetooth: chan...
EUVD-2020-0182
Malware in sbrugna...
EUVD-2018-19739
Malware in sbrugna...
EUVD-2025-19559
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-15251
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass...
GO-2025-3772 Mattermost allows unauthorized channel member management through playbook runs in github.com/mattermost/mattermost-server
Mattermost allows unauthorized channel member management through playbook runs in github.com/mattermost/mattermost-server...
CVE-2025-38487 soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Mitigate e.g. the following: echo 1e789080.lpc-snoop /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind ... 120.363594 Unable to handle kernel NULL pointer...
CVE-2025-46702
Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...
Improper Permission Enforcement
github.com/mattermost/mattermost-server is vulnerable to improper permission enforcement. The vulnerability is due to a failure to enforce channel member management permissions during playbook run participant management, which allows authenticated users with member-level access to bypass...
Mattermost Incorrect Authorization vulnerability
Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...
GHSA-V8FR-VXMW-6MF6 Mattermost Incorrect Authorization vulnerability
Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...
CVE-2025-46702
Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...
CVE-2025-46702 Mattermost Playbooks allows privilege escalation through improper access control in playbook run participant management
Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...
PT-2025-27457 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.15 Mattermost versions 10.5.x through 10.5.5 Mattermost versions 10.6.x through 10.6.5 Mattermost versions 10.7.x through 10.7.2 Mattermost version 10.8.0 Description: The issue arises from the improper...
Mattermost allows unauthorized channel member management through playbook runs
Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public...
CVE-2025-3227 Unauthorized channel member management through playbook runs
Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public...