Lucene search
K

4 matches found

EUVD
EUVD
added 2026/06/12 3:51 p.m.10 views

EUVD-2026-36501

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation the check was only applied on update/patch, which allows an authenticated user holding...

4.3CVSS5.3AI score0.00152EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 3:51 p.m.28 views

CVE-2026-6689 *Missing* {{invite_user}} *permission check on team creation allows unprivileged users to set open-invite and allowed-domains team settings*

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation the check was only applied on update/patch, which allows an authenticated user holding...

4.3CVSS0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/17 1:27 p.m.6 views

CVE-2025-14573

Mattermost versions 10.11.x = 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

3.8CVSS5.5AI score0.00157EPSS
Exploits0References1
CNVD
CNVD
added 2015/04/23 12:0 a.m.3 views

Drupal Node Invite Module Cross-Site Request Forgery Vulnerability

Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community.Node Invite is one of the modules that is similar to RSVP sending invitations via email. A cross-site request forgery vulnerability exists in the Drupal Node Invite module versions prio...

6.8CVSS7AI score0.00656EPSS
Exploits0References1
Rows per page
Query Builder