7 matches found
CVE-2026-7387
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the scheme_admin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...
CVE-2026-7387 Mattermost group syncable endpoints allow privilege escalation via scheme_admin
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the scheme_admin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...
EUVD-2026-36503
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the scheme_admin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...
CVE-2018-12101
CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields...
CVE-2018-12101
CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields...
CVE-2018-12101
CVE-2018-12101 affects CMS Clipper 1.3.3 with cross-site scripting in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields. The available documents do not specify the exact vulnerability type (stored vs. reflected), root cause, affected components beyond tho...
WeChat has an arbitrary code execution vulnerability (badkernel)
WeChat is a free application from Tencent that provides instant messaging services for smart terminals. WeChat suffers from a remote arbitrary code execution vulnerability, badkernel. Attackers using the vulnerability can carry out quasi-worm spread, and can be sent through the circle of friends a...