Lucene search
K

335 matches found

SUSE CVE
SUSE CVE
added 2026/03/04 12:31 a.m.4 views

SUSE CVE-2026-0997

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

4.3CVSS5.9AI score0.00152EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/16 6:42 p.m.8 views

WordPress Paytium: Mollie payment forms & donations plugin <= 4.3.7 - Missing Authorization in 'update_profile_preference' vulnerability

Missing Authorization in 'updateprofilepreference' vulnerability discovered by WordFence in WordPress Plugin Paytium versions = 4.3.7...

5.4CVSS5.5AI score0.00272EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/02/16 12:30 p.m.7 views

EUVD-2026-6099

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

4.3CVSS5.7AI score0.00152EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/16 12:30 p.m.8 views

Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

4.3CVSS5.7AI score0.00152EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/16 12:30 p.m.6 views

GHSA-2PHX-FRHF-XR55 Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

4.3CVSS5.7AI score0.00152EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/16 11:2 a.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the channel preference API endpoint. An attacker can modify Zoom meeting restrictions for arbitrary channels by sending crafted API requests as an authenticated user. Remediation Upgrade...

5.3CVSS5.8AI score0.00152EPSS
Exploits0References2
OSV
OSV
added 2026/02/16 10:16 a.m.4 views

CVE-2026-0997

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

4.3CVSS5.7AI score
Exploits0References1
CVE
CVE
added 2026/02/16 9:58 a.m.19 views

CVE-2026-0997

Mattermost components affected include Mattermost server versions 11.1.x up to 11.1.2, 10.11.x up to 10.11.9, and 11.2.x up to 11.2.1, together with Mattermost Plugin Zoom versions up to 1.11.0. The underlying issue is that the API endpoint /plugins/zoom/api/v1/channel-preference does not properl...

4.3CVSS5.7AI score0.00152EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/02/16 9:58 a.m.34 views

CVE-2026-0997 Mattermost Zoom Plugin channel preference API lacks authorization checks

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

4.3CVSS0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/16 9:58 a.m.3 views

CVE-2026-0997

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

4.3CVSS5.7AI score0.00152EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/16 9:58 a.m.5 views

CVE-2026-0997 Mattermost Zoom Plugin channel preference API lacks authorization checks

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

4.3CVSS5.7AI score0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/16 12:0 a.m.9 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. There are security vulnerabilities in Mattermost versions 11.1.2 and earlier 11.1.x series, 10.11.9 and earlier 10.11.x series, 11.2.1 and earlier 11.2.x series, as well as in Mattermost Plugin Zoom...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.7 views

PT-2026-8328

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.1.x through 11.1.2 Mattermost versions 10.11.x through 10.11.9 Mattermost versions 11.2.x through 11.2.1 Mattermost Plugin Zoom versions through 1.11.0 Description The Mattermost application and its Zoom plugin do not...

9.9CVSS5.2AI score0.27661EPSS
Exploits45References117
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.7 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4CVSS5.4AI score0.00177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/05 12:0 a.m.4 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.5AI score0.00177EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/31 12:30 a.m.6 views

EUVD-2020-30947

FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system...

8.4CVSS6.3AI score0.00157EPSS
Exploits0References4
NVD
NVD
added 2026/01/30 11:16 p.m.7 views

CVE-2020-37029

FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system...

8.4CVSS0.00157EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/30 10:7 p.m.4 views

CVE-2020-37029 FTPDummy 4.80 - Local Buffer Overflow

FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system...

8.4CVSS6AI score0.00157EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/30 10:7 p.m.21 views

CVE-2020-37029 FTPDummy 4.80 - Local Buffer Overflow

FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system...

8.4CVSS0.00157EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/30 10:7 p.m.4 views

CVE-2020-37029

FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system...

8.4CVSS6.3AI score0.00157EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder