Lucene search
+L

6 matches found

NVD
NVD
added 2026/05/15 8:16 p.m.17 views

CVE-2026-44559

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/id/members endpoint only checks membership for group and dm channel types lines 467-469. For standard channels — including private ones — there is no...

4.3CVSS0.00221EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2025/11/09 12:37 a.m.3 views

SUSE CVE-2025-10545

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the /api/v4/channels/channelid/members endpoint...

4.3CVSS6.9AI score0.00302EPSS
Exploits0References2
OSV
OSV
added 2025/10/16 9:30 a.m.9 views

GHSA-424H-XJ87-M937 Mattermost has an Incorrect Authorization vulnerability

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the /api/v4/channels/channelid/members endpoint...

3.1CVSS6.9AI score0.00302EPSS
Exploits0References7
NVD
NVD
added 2025/10/16 9:15 a.m.8 views

CVE-2025-10545

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the /api/v4/channels/channelid/members endpoint...

4.3CVSS0.00302EPSS
Exploits0References1
OSV
OSV
added 2025/10/16 8:24 a.m.5 views

CVE-2025-10545 Guest user can add unauthorized team users to private channels

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the /api/v4/channels/channelid/members endpoint...

3.1CVSS6AI score0.00302EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.5 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that can be exploited by an attacker to cause guest users to add arbitrary team members to their private channels via the...

4.3CVSS6.8AI score0.00302EPSS
Exploits0References1
Rows per page
Query Builder