Lucene search
K

12 matches found

SUSE CVE
SUSE CVE
added 2026/03/04 12:29 a.m.11 views

SUSE CVE-2026-22892

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS5.8AI score0.00239EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/13 12:31 p.m.9 views

Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/13 10:29 a.m.30 views

CVE-2026-22892 Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.9 views

PT-2026-7985

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.9 Mattermost versions 11.1.x through 11.1.2 Mattermost versions 11.2.x through 11.2.1 Description The software does not properly validate user permissions when creating Jira issues from Mattermost post...

9.9CVSS5.5AI score0.27661EPSS
Exploits45References119
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28483

Malicious code in bioql PyPI...

4.2CVSS6.6AI score0.00194EPSS
Exploits0References3
NVD
NVD
added 2025/07/21 6:15 p.m.5 views

CVE-2025-36845

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...

8.6CVSS0.0158EPSS
Exploits1References2
NVD
NVD
added 2025/06/24 6:15 p.m.7 views

CVE-2025-53073

In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions such as adding a comment without being a member of the project's team. A seven-digit issue ID must be known it is not treated as a secret and might be mentioned...

4.2CVSS0.00194EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/24 12:0 a.m.3 views

PT-2025-26760 · Sentry · Sentry

Name of the Vulnerable Software and Affected Versions: Sentry versions 25.1.0 through 25.5.1 Description: The issue allows an authenticated attacker to access a project's issue endpoint and perform unauthorized actions, such as adding a comment, without being a member of the project's team. This...

4.2CVSS5.9AI score0.00194EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/06/24 12:0 a.m.6 views

CVE-2025-53073

In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions such as adding a comment without being a member of the project's team. A seven-digit issue ID must be known it is not treated as a secret and might be mentioned...

4.2CVSS7AI score0.00194EPSS
Exploits0References3
CVE
CVE
added 2025/06/24 12:0 a.m.24 views

CVE-2025-53073

CVE-2025-53073 affects Sentry versions 25.1.0–25.5.1. An authenticated attacker can access a project’s issue endpoint and perform unauthorized actions (e.g., adding a comment) without belonging to the project team. A seven‑digit issue ID must be known and is not treated as a secret; it may be pub...

4.2CVSS7AI score0.00194EPSS
Exploits0References3
OSV
OSV
added 2025/06/24 12:0 a.m.6 views

CVE-2025-53073

In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions such as adding a comment without being a member of the project's team. A seven-digit issue ID must be known it is not treated as a secret and might be mentioned...

4.2CVSS6.9AI score0.00194EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/09/19 12:0 a.m.4 views

PT-2023-28158 · Freepbx · Freepbx

Name of the Vulnerable Software and Affected Versions: FreePBX affected versions not specified Description: A security issue has been identified in Endpoint Manager and Rest Apps of FreePBX. The estimated number of potentially affected devices worldwide is not specified. There is no information...

6.7AI score
Exploits0References1
Rows per page
Query Builder