Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.11 views

CVE-2026-3637

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...

4.3CVSS5.4AI score0.00152EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.7 views

Mattermost doesn't check the create_post channel permission during post edit operations

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/05/18 9:31 a.m.5 views

GHSA-V549-XX3C-6PC8 Mattermost doesn't check the create_post channel permission during post edit operations

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/18 6:53 a.m.8 views

CVE-2026-3637 Mattermost fails to enforce create_post permission when editing posts

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
CVE
CVE
added 2026/02/26 7:57 p.m.12 views

CVE-2026-27151

Discourse prior to versions 2025.12.2, 2026.1.1, and 2026.2.0 had a validation flaw where move_posts checked only source topic write permissions and did not validate destination topic permissions, allowing TL4 users and category moderators to move posts into topics in categories with read-only or...

5.3CVSS5.4AI score0.00154EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/02/07 12:0 a.m.9 views

WordPress plugin Bucketlister SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS5.9AI score0.00217EPSS
Exploits0References3
Rows per page
Query Builder