6191 matches found
CVE-2025-49810 Thread summarization allows persistent access to channel
Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts...
CVE-2025-49810
Summary: Mattermost Server 10.5.x
CVE-2025-38011

creationtimestamp| type| source
---|---|---
2025-08-20 22:16:19+00:00| seen| https://bsky.app/profile/bluesky.awakari.com/post/3lwuhdazkdr2i
2025-08-20 22:16:22+00:00| seen| https://bsky.app/profile/bluesky.awakari.com/post/3lwuhdcvcps2l
2026-03-19 00:00:00+00:00| seen|...

CVE-2025-54988

creationtimestamp| type| source
---|---|---
2025-08-20 17:48:13+00:00| seen| https://seclists.org/oss-sec/2025/q3/129
2025-08-20 17:50:44+00:00| seen| https://seclists.org/oss-sec/2025/q3/130
2025-08-20 20:54:06+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lwucq4fdbu2h...

CVE-2025-9132

creationtimestamp| type| source
---|---|---
2025-08-20 08:59:25+00:00| seen| https://threatintel.cc/2025/08/20/google-fixed-chrome-flaw-found.html
2025-08-20 09:24:36+00:00| seen| https://bsky.app/profile/infosecindustry.bsky.social/post/3lwt47bzjts2s
2025-08-20 09:57:42+00:00| seen|...

CVE-2023-52757

creationtimestamp| type| source
---|---|---
2025-08-19 20:41:40+00:00| seen| https://bsky.app/profile/bluesky.awakari.com/post/3lwrrl3b5yn23
2025-08-19 20:41:42+00:00| seen| https://bsky.app/profile/bluesky.awakari.com/post/3lwrrl5cgxq2u
2025-08-19 20:41:57+00:00| seen|...

CVE-2025-55734
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page,...
CVE-2025-55734 flaskBlog Authorization Bypass
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page,...
CVE-2025-54336

creationtimestamp| type| source
---|---|---
2025-08-19 13:47:15+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115055737900675209
2025-08-19 18:12:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lwrjb6u5nc2g
2025-08-20 10:36:52+00:00| seen|...

CVE-2025-41685

creationtimestamp| type| source
---|---|---
2025-08-19 08:11:01+00:00| seen| https://infosec.exchange/users/certvde/statuses/115054415790248821
2025-08-19 08:11:10+00:00| seen| https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3lwqhmwyihxm2
2025-08-19 10:19:23+00:00| seen|...

CVE-2025-54939

creationtimestamp| type| source
---|---|---
2025-08-19 06:30:17+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3lwqbyieldqw2
2025-08-19 07:17:07+00:00| seen|...

PT-2025-33845 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog versions 2.8.0 and earlier
Description: The application checks the userRole for "admin" privileges only when accessing the /admin page, but not its subroutes. Specifically, the check is performed in routes/adminPanel.py, but not in...
CVE-2025-55299

creationtimestamp| type| source
---|---|---
2025-08-18 20:23:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lwpa3jvqke2c
2025-08-19 04:31:39+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3lwq3ejegsd24...

CVE-2025-6186

creationtimestamp| type| source
---|---|---
2025-08-18 18:34:32+00:00| seen| https://bsky.app/profile/fraustief.bsky.social/post/3lwozypx4b22m
2025-08-18 18:34:34+00:00| seen| https://bsky.app/profile/fraustief.bsky.social/post/3lwozypxc4k2m
2025-08-18 18:34:37+00:00| seen|...

CVE-2025-7739

creationtimestamp| type| source
---|---|---
2025-08-18 18:34:32+00:00| seen| https://bsky.app/profile/fraustief.bsky.social/post/3lwozypx4b22m
2025-08-18 18:34:35+00:00| seen| https://bsky.app/profile/fraustief.bsky.social/post/3lwozypxc4k2m
2025-08-18 18:34:37+00:00| seen|...

CVE-2025-7734

creationtimestamp| type| source
---|---|---
2025-08-18 18:34:32+00:00| seen| https://bsky.app/profile/fraustief.bsky.social/post/3lwozypx4b22m
2025-08-18 18:34:35+00:00| seen| https://bsky.app/profile/fraustief.bsky.social/post/3lwozypxc4k2m
2025-08-18 18:34:37+00:00| seen|...

CVE-2025-53192

creationtimestamp| type| source
---|---|---
2025-08-18 18:16:20+00:00| seen| https://seclists.org/oss-sec/2025/q3/121
2025-08-19 00:08:12+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lwpmni5hwr2u
2025-08-19 00:12:44+00:00| seen|...

CVE-2025-38495

creationtimestamp| type| source
---|---|---
2025-08-18 12:57:24+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwoh5wd43k2k
2025-08-18 14:25:55+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwom472ww22k
2025-08-18 17:47:35+00:00| seen|...

CVE-2025-38494

creationtimestamp| type| source
---|---|---
2025-08-18 12:57:24+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwoh5wd43k2k
2025-08-18 14:25:55+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwom472ww22k
2025-08-18 16:18:48+00:00| seen|...