Lucene search
K

58 matches found

OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5442 Mattermost doesn't enforce the PostEditTimeLimit on non-message post fields in github.com/mattermost/mattermost-server

Mattermost doesn't enforce the PostEditTimeLimit on non-message post fields in github.com/mattermost/mattermost-server...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.12 views

CVE-2026-3637

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...

4.3CVSS5.4AI score0.00152EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 6:53 a.m.8 views

CVE-2026-3637 Mattermost fails to enforce create_post permission when editing posts

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/18 6:53 a.m.40 views

CVE-2026-3637 Mattermost fails to enforce create_post permission when editing posts

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...

4.3CVSS0.00152EPSS
Exploits0References1
CVE
CVE
added 2026/05/18 6:53 a.m.20 views

CVE-2026-3637

Mattermost versions affected: 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, and 11.4.x

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.13 views

PT-2026-41642

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Mattermost versions 11.4.0 through 11.4.3 Description An issue exists where the software fails to verify the create post channel permission during post edit...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.11 views

Mattermost doesn't enforce the PostEditTimeLimit on non-message post fields

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/15 6:42 p.m.23 views

CVE-2026-4053

CVE-2026-4053 affects Mattermost 11.5.x (11.5.0–11.5.1) and 10.11.x (10.11.0–10.11.13). The issue is that the system fails to enforce the PostEditTimeLimit on non‑message post fields, allowing an authenticated user to modify post file attachments, props, and pin status after the edit window has e...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/15 6:42 p.m.38 views

CVE-2026-4053 post edit time limit is not enforced on some post update operations

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints...

3.1CVSS0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 6:42 p.m.9 views

EUVD-2026-30586

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints...

3.1CVSS5.8AI score0.00165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.16 views

PT-2026-41348

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Description An issue exists where the system fails to enforce the PostEditTimeLimit on non-message post fields. This allows an authenticated user to modify...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier, as well as 10.11.13 and earlier, have security vulnerabilities. These vulnerabilities stem from the lack of enforcement of the PostEditTimeLimit for...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
NVD
NVD
added 2026/04/17 4:16 a.m.8 views

CVE-2026-4666

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...

6.5CVSS0.00331EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/17 2:25 a.m.34 views

CVE-2026-4666 wpForo Forum <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...

6.5CVSS0.00331EPSS
Exploits0References8
CVE
CVE
added 2026/04/17 2:25 a.m.22 views

CVE-2026-4666

CVE-2026-4666 affects the WordPress plugin wpForo Forum ≤ 2.4.16. The vulnerability arises from using extract($args, EXTR_OVERWRITE) on user-controlled input in Posts::edit(), with the post_edit action passing $_REQUEST['post'] to that method. An attacker can inject post[guestposting]=1 to overri...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References8
CNVD
CNVD
added 2026/03/24 12:0 a.m.4 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17272)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from a post edit management report disclosing the first 40...

2.7CVSS5.8AI score0.00293EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 8:47 a.m.13 views

CVE-2025-23667

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Christopher Churchill custom-post-edit front-end-post-edit allows Reflected XSS.This issue affects custom-post-edit: from n/a through = 1.0.4...

7.1CVSS7.2AI score0.00146EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/06 5:7 a.m.13 views

CVE-2025-15458

A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.5AI score0.00511EPSS
Exploits1References1
NVD
NVD
added 2026/01/05 5:15 a.m.20 views

CVE-2025-15458

A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been...

9.8CVSS0.00511EPSS
Exploits1References4
Rows per page
Query Builder