7 matches found
Incorrect Authorization
Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to Incorrect Authorization via the membership sync process. An attacker can remove users from any channel, including private channels, by sending...
CVE-2026-28759 Insufficient authorization in shared channel membership sync allows remote cluster to remove users from arbitrary channels
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate that a remote cluster has access to a channel before processing membership removal requests during shared channel membership sync, which allows a malicious remote cluster to remove any user from any channel,...
EUVD-2025-4184
Malicious code in bioql PyPI...
CVE-2025-26372
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove users from groups via crafted HTTP requests...
How to Remove Users That Can Access the Delivery Group via PowerShell
This article describes how to remove the users shown in the screenshot below via PowerShell instead of using the UI. Disclaimer: information displayed in screenshots is Citrix test server data...
Smiths-Medical CADD-Solis Medication Safety Software Elevation of Privilege Vulnerability
Smiths-Medical, headquartered in Plymouth, Minnesota, is a subsidiary of Smiths Group, a company based in the U.K. CADD-Solis drug safety software is an application used to set dose limits for infusion pumps. An elevation of privilege vulnerability exists in Smiths-Medical CADD-Solis Medication...
Seagate BlackArmor NAS sg2000-2000.1331 Cross-Site Request Forgery Vulnerability
No description provided by source. Exploit Title: Seagate BlackArmor NAS - Cross Site Request Forgery Google Dork: N/A Date: 04-01-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://www.seagate.com/ Software Link:...