Lucene search
K

4 matches found

NVD
NVD
added 2025/05/16 12:15 a.m.23 views

CVE-2025-47930

Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique...

5.3CVSS0.00286EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.6 views

PT-2025-21585 · Zulip · Zulip

Name of the Vulnerable Software and Affected Versions: Zulip versions 10.0 through 10.2 Description: The issue concerns the "Who can create public channels" access control mechanism in Zulip, which can be circumvented by creating a private or web-public channel and then changing the channel priva...

5.3CVSS6.4AI score0.00286EPSS
Exploits0References9
OSV
OSV
added 2024/02/29 10:41 a.m.6 views

CVE-2024-1942

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of...

4.3CVSS4.2AI score0.0036EPSS
Exploits0References3
Hacker One
Hacker One
added 2015/01/31 5:31 p.m.123 views

Vimeo: CRITICAL vulnerability - Insecure Direct Object Reference - Unauthorized access to `Videos` of Channel whose privacy is set to `Private`.

Hello, This time I found a IDORInsecure Direct Object Reference vulnerability. It allows an attacker to get unauthorized access to Videos of Channel whose privacy is set to Only moderators and people I choose without being a member. In simple words, we can access videos of private channel without...

6.9AI score
Exploits0
Rows per page
Query Builder