Lucene search
K

39 matches found

Cvelist
Cvelist
added last week22 views

CVE-2026-56328 Capgo - Integrity Issue in Release Routing via Multiple Public Channels

Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously, while unnamed /updates requests without defaultChannel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create ambiguous default update stat...

7.1CVSS0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 2:21 p.m.35 views

CVE-2026-43410 firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...

0.00116EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-23461

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: Fix use-after-free in l2capunregisteruser After commit ab4eedb790ca Bluetooth: L2CAP: Fix corrupted list in hcichandel, l2capconndel uses...

8.8CVSS6.4AI score0.00247EPSS
Exploits0References3
CNVD
CNVD
added 2025/12/31 12:0 a.m.6 views

SQL injection vulnerability in U8+ Channel Management (Advanced Edition) at UFIDA Network Technology Co. Ltd (CNVD-C-2025-1245200)

U8+ Channel Management Advanced Edition is a set of channel management software, together with U8+ supply chain system and financial system, extending the enterprise management radius from the internal enterprise to the distribution channels and sales terminals. A SQL injection vulnerability exis...

5.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2025/11/12 3:8 p.m.4 views

kernel: Bluetooth: L2CAP: Fix user-after-free

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2capchanholdunlesszero after calling l2capgetchanblah to prevent the following trace: Bluetooth: l2capcore.c:static void l2capchandestroystruct kref kref Bluetooth: chan...

8CVSS6.8AI score0.0033EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-0182

Malware in sbrugna...

7.7CVSS6.8AI score0.01128EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-19739

Malware in sbrugna...

9.8CVSS9.3AI score0.22979EPSS
Exploits5References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-19559

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00177EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-15251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass...

7.7CVSS6.7AI score0.01128EPSS
Exploits0References2
OSV
OSV
added 2025/07/28 7:57 p.m.7 views

GO-2025-3772 Mattermost allows unauthorized channel member management through playbook runs in github.com/mattermost/mattermost-server

Mattermost allows unauthorized channel member management through playbook runs in github.com/mattermost/mattermost-server...

4.3CVSS6.2AI score0.00205EPSS
Exploits0References3
OSV
OSV
added 2025/07/28 11:21 a.m.3 views

CVE-2025-38487 soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled

In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Mitigate e.g. the following: echo 1e789080.lpc-snoop /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind ... 120.363594 Unable to handle kernel NULL pointer...

5.5CVSS6.4AI score0.0015EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/07/02 5:24 p.m.33 views

CVE-2025-46702

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

5.4CVSS7.2AI score0.00177EPSS
Exploits0References1
Veracode
Veracode
added 2025/07/01 7:10 a.m.5 views

Improper Permission Enforcement

github.com/mattermost/mattermost-server is vulnerable to improper permission enforcement. The vulnerability is due to a failure to enforce channel member management permissions during playbook run participant management, which allows authenticated users with member-level access to bypass...

5.4CVSS6.1AI score0.00177EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/30 6:31 p.m.11 views

Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

5.4CVSS6.5AI score0.00177EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2025/06/30 6:31 p.m.4 views

GHSA-V8FR-VXMW-6MF6 Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

5.4CVSS7.1AI score0.00177EPSS
Exploits0References5
OSV
OSV
added 2025/06/30 5:15 p.m.11 views

CVE-2025-46702

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

5.4CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added 2025/06/30 4:51 p.m.7 views

CVE-2025-46702 Mattermost Playbooks allows privilege escalation through improper access control in playbook run participant management

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

5.4CVSS0.00177EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/30 12:0 a.m.2 views

PT-2025-27457 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.15 Mattermost versions 10.5.x through 10.5.5 Mattermost versions 10.6.x through 10.6.5 Mattermost versions 10.7.x through 10.7.2 Mattermost version 10.8.0 Description: The issue arises from the improper...

5.4CVSS7.2AI score0.00177EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2025/06/20 3:30 p.m.9 views

Mattermost allows unauthorized channel member management through playbook runs

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public...

4.3CVSS4.5AI score0.00205EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2025/06/20 2:31 p.m.12 views

CVE-2025-3227 Unauthorized channel member management through playbook runs

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public...

4.3CVSS0.00205EPSS
Exploits0References1
Rows per page
Query Builder