Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from allowing guest users on multiple channels, which could lead to elevated privileges...

CVE-2025-55673 Apache Superset: Metadata exposure in embedded charts

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...

CVE-2025-55673 Apache Superset: Metadata exposure in embedded charts

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...

Linux Distros Unpatched Vulnerability : CVE-2018-15746

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service guest crash by leveraging mishandling of the seccomp policy for threads oth...

SUSE CVE-2025-46702

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

SUSE CVE-2025-3228

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run...

CVE-2025-5315

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed...

UBUNTU-CVE-2025-5315

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed...

Unauthorized Access

github.com/mattermost/mattermost-server is vulnerable to unauthorized access. The vulnerability is due to improper access control caused by a failure to correctly retrieve and validate requestorInfo for guest users, allowing attackers to access playbook runs without proper authorization...

CVE-2025-3228

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the playbooks handler failing to properly retrieve IsGuest for guest users. An attacker can gain unauthorized access to sensitive playbook run information by sending crafted requests as a guest user...

CVE-2025-3228

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run...

Unauthorized Information Disclosure

github.com/mattermost/mattermost-server is vulnerable to Unauthorized Information Disclosure. The vulnerability is due to insufficient restriction of API access, allowing guest users to view information about public teams they are not members of via direct API calls...

GO-2025-3757 Mattermost allows guest users to view information about public teams they are not members of in github.com/mattermost/mattermost-server

Mattermost allows guest users to view information about public teams they are not members of in github.com/mattermost/mattermost-server...

GHSA-JWHW-XF5V-QGXC Mattermost allows guest users to view information about public teams they are not members of

Mattermost versions 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...

CVE-2025-4128

Mattermost versions 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...

GO-2025-3730 Mattermost fails to properly enforce access controls for guest users in github.com/mattermost/mattermost-server

Mattermost fails to properly enforce access controls for guest users in github.com/mattermost/mattermost-server...

CVE-2025-48885

application-urlshortener create shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able to create arbitrary pages. Any user even guests can create these docs, even if they don't exist already. This can enable guest users to denature the structur...

CVE-2025-48885 application-urlshortener users can create arbitrary pages as long as they have view access to them

application-urlshortener create shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able to create arbitrary pages. Any user even guests can create these docs, even if they don't exist already. This can enable guest users to denature the structur...

CVE-2025-48885 application-urlshortener users can create arbitrary pages as long as they have view access to them

application-urlshortener create shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able to create arbitrary pages. Any user even guests can create these docs, even if they don't exist already. This can enable guest users to denature the structur...