5 matches found
CVE-2026-61441
PraisonAI Platform praisonai-platform before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a...
CVE-2026-1860
The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.8. This is due to the getitemspermissionscheck permission callback on the /kaliforms/v1/forms/id REST API endpoint only checking for the editposts capability without...
SUSE CVE-2017-18894
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover...
CVE-2023-21432
Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-52020)
Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 4.2.0, 4.1.1 and 4.0.5. An attacker can exploit the vulnerability to bypass resource owner authorization and take over an accou...