Lucene search
K

15 matches found

Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51223

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Improper access control in the public.get org members RPC function allows unauthenticated attackers to enumerate organization members. By using a public sb publishable key and an organization UUID,...

8.7CVSS5.9AI score0.00249EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-39374

Plane is an an open-source project management tool. Prior to 1.3.0, the IssueBulkUpdateDateEndpoint allows a project member ADMIN or MEMBER to modify the startdate and targetdate of ANY issue across the entire Plane instance, regardless of workspace or project membership. The endpoint fetches...

7.7CVSS5.5AI score0.00208EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/29 10:32 p.m.26 views

PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API

Summary The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and delete resources in any...

5.8AI score0.00044EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/22 1:44 p.m.12 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the API response process. An attacker can access sensitive information about team member roles by invoking various team API endpoints without having elevated permissions. Remediation Upgrade...

5.3CVSS5.8AI score0.00184EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:23 a.m.10 views

CVE-2026-3636

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allows a user without permissions to get data about team members roles via invoking various team API...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/03/16 10:46 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient validation of permission requirements in the team member roles API endpoint. An attacker can gain unauthorized privilege to demote users to guest status by exploiting this flaw while...

5.1CVSS5.8AI score0.00159EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/16 10:19 p.m.4 views

CVE-2026-26230

A permissions validation flaw has been discovered in mattermost server. Affected versions fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mitigation Mitigation for this issue is either not...

3.8CVSS5.6AI score0.00159EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 9:16 p.m.7 views

CVE-2026-26230

Mattermost versions 10.11.x = 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531...

3.8CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added 2026/03/16 8:19 p.m.22 views

CVE-2026-26230 Team Admin Privilege Escalation to Demote Members to Guest

Mattermost versions 10.11.x = 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531...

3.8CVSS0.00159EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25813

Mattermost versions 10.11.x = 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531...

3.8CVSS5.8AI score0.00159EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost 10.11.10 and earlier, including 10.11.x, have a security vulnerability. This vulnerability stems from improper validation of permission requirements at the team member role API...

3.8CVSS5.8AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.6 views

PT-2025-43410

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 4.3.17 Description Admidio, a user management solution, contains a SQL injection issue in the member assignment data retrieval functionality. An authenticated user with role assignment permissions can execute arbitrar...

7.2CVSS8AI score0.00395EPSS
Exploits1References13
Snyk
Snyk
added 2025/08/21 9:30 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles endpoint. An attacker can modify team member roles without proper authorization by sending crafted API requests. Remediation Upgrade...

5.1CVSS7AI score0.00189EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/21 9:30 a.m.3 views

Incorrect Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles endpoint. An attacker can modify team member roles without...

5.1CVSS7AI score0.00189EPSS
Exploits0References2
Veracode
Veracode
added 2024/04/29 6:8 a.m.22 views

Improper Access Control

Mattermost Server is vulnerable to Improper Access Control. The vulnerability is due to improper validation when updating team member roles, allowing users with certain administrative privileges to demote other users to guest status through crafted HTTP requests...

2.7CVSS7AI score0.00502EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder