9 matches found
CVE-2026-6341
Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multiple groups to create issues to a locked group via direct API requests. Mattermost Advisory ID:...
CVE-2026-6341 Incomplete group locking implementation
Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multiple groups to create issues to a locked group via direct API requests. Mattermost Advisory ID:...
EUVD-2025-12325
Malicious code in bioql PyPI...
CVE-2025-3518
It technically possible for a user to upload a file to a conversation despite the file upload functionality being disabled. The file upload functionality can be enabled or disabled for specific use cases through configuration. In case the functionality is disabled for at least one use case, the...
CVE-2025-3518
It technically possible for a user to upload a file to a conversation despite the file upload functionality being disabled. The file upload functionality can be enabled or disabled for specific use cases through configuration. In case the functionality is disabled for at least one use case, the...
CVE-2025-3518 File upload functionality possible even when disabled
It technically possible for a user to upload a file to a conversation despite the file upload functionality being disabled. The file upload functionality can be enabled or disabled for specific use cases through configuration. In case the functionality is disabled for at least one use case, the...
CVE-2025-3518
CVE-2025-3518 affects Unblu Spark (and related Unblu platform components) where a user can upload a file to a conversation via direct API requests even if the file upload feature is disabled for certain use cases. The configured per-use-case enable/disable setting is bypassed by direct API upload...
PT-2025-17490 · Unblu · Unblu Spark +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A user can upload a file to a conversation even if the file upload functionality is disabled. The system allows file uploads through direct API requests, despite the functionality being...
Improper access control
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. A broken access control vulnerability ha...