Lucene search
K

8 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 6:37 p.m.10 views

CVE-2026-53726 Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6, a relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting clie...

6.9CVSS5.4AI score0.00276EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-48962

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.80 Parse Server versions prior to 9.9.1-alpha.6 Description A relation query using the $relatedTo operator allows an unauthenticated client to read the membership of a Relation field. This occurs even if the...

6.9CVSS5.2AI score0.00276EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.13 views

openSUSE 16 Security Update : tomcat (openSUSE-SU-2026:20611-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20611-1 advisory. - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. -...

9.1CVSS5.6AI score0.21691EPSS
Exploits8References31
Vulnrichment
Vulnrichment
added 2026/03/20 3:10 a.m.2 views

CVE-2026-31869 Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...

5.3CVSS6AI score0.00179EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/14 6:2 p.m.9 views

CVE-2025-11777

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

4.3CVSS6.7AI score0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/13 5:32 p.m.12 views

CVE-2025-11777 Cross-team channel membership access

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

3.1CVSS0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/17 4:52 p.m.10 views

CVE-2025-35431 CISA Thorium LDAP injection

CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1...

5.4CVSS0.00285EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/09/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-5542

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Students in Only see own membership groups could see other students in the group, which should be hidden. CVE-2023-5542 Note that Nessus relies on the presence ...

4.3CVSS5AI score0.00433EPSS
Exploits0References2
Rows per page
Query Builder