55 matches found
CVE-2026-3637
Mattermost versions affected: 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, and 11.4.x
CVE-2026-3637 Mattermost fails to enforce create_post permission when editing posts
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...
CVE-2026-3637 Mattermost fails to enforce create_post permission when editing posts
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...
PT-2026-41642
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the create post channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update an...
Mattermost doesn't enforce the PostEditTimeLimit on non-message post fields
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints...
EUVD-2026-30586
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints...
CVE-2026-4053
CVE-2026-4053 affects Mattermost 11.5.x (11.5.0–11.5.1) and 10.11.x (10.11.0–10.11.13). The issue is that the system fails to enforce the PostEditTimeLimit on non‑message post fields, allowing an authenticated user to modify post file attachments, props, and pin status after the edit window has e...
CVE-2026-4053 post edit time limit is not enforced on some post update operations
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints...
PT-2026-41348
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier, as well as 10.11.13 and earlier, have security vulnerabilities. These vulnerabilities stem from the lack of enforcement of the PostEditTimeLimit for...
CVE-2026-4666
The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...
CVE-2026-4666
CVE-2026-4666 affects the WordPress plugin wpForo Forum ≤ 2.4.16. The vulnerability arises from using extract($args, EXTR_OVERWRITE) on user-controlled input in Posts::edit(), with the post_edit action passing $_REQUEST['post'] to that method. An attacker can inject post[guestposting]=1 to overri...
CVE-2026-4666 wpForo Forum <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter
The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...
Discourse Information Disclosure Vulnerability (CNVD-2026-17272)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from a post edit management report disclosing the first 40...
CVE-2025-23667
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Christopher Churchill custom-post-edit front-end-post-edit allows Reflected XSS.This issue affects custom-post-edit: from n/a through = 1.0.4...
CVE-2025-15458
A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-15458
A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-15458 bg5sbk MiniCMS Article post-edit.php improper authentication
A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-15458
CVE-2025-15458 affects bg5sbk MiniCMS