12 matches found
SUSE CVE-2026-22892
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
CVE-2026-22892 Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
PT-2026-7985
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.9 Mattermost versions 11.1.x through 11.1.2 Mattermost versions 11.2.x through 11.2.1 Description The software does not properly validate user permissions when creating Jira issues from Mattermost post...
EUVD-2025-28483
Malicious code in bioql PyPI...
CVE-2025-36845
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...
CVE-2025-53073
In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions such as adding a comment without being a member of the project's team. A seven-digit issue ID must be known it is not treated as a secret and might be mentioned...
PT-2025-26760 · Sentry · Sentry
Name of the Vulnerable Software and Affected Versions: Sentry versions 25.1.0 through 25.5.1 Description: The issue allows an authenticated attacker to access a project's issue endpoint and perform unauthorized actions, such as adding a comment, without being a member of the project's team. This...
CVE-2025-53073
In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions such as adding a comment without being a member of the project's team. A seven-digit issue ID must be known it is not treated as a secret and might be mentioned...
CVE-2025-53073
CVE-2025-53073 affects Sentry versions 25.1.0–25.5.1. An authenticated attacker can access a project’s issue endpoint and perform unauthorized actions (e.g., adding a comment) without belonging to the project team. A seven‑digit issue ID must be known and is not treated as a secret; it may be pub...
CVE-2025-53073
In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions such as adding a comment without being a member of the project's team. A seven-digit issue ID must be known it is not treated as a secret and might be mentioned...
PT-2023-28158 · Freepbx · Freepbx
Name of the Vulnerable Software and Affected Versions: FreePBX affected versions not specified Description: A security issue has been identified in Endpoint Manager and Rest Apps of FreePBX. The estimated number of potentially affected devices worldwide is not specified. There is no information...