EUVD-2026-12409

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint.. Mattermost Advisory ID:...

PT-2026-25684

Mattermost allows a removed team member to enumerate all public channels within a private team in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causi...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, 11.2.2 and earlier 11.2.x series, as well as 10.11.10 and earlier 10.11.x series, have security vulnerabilities. These vulnerabilities...

EUVD-2024-17468

Malicious code in bioql PyPI...

CVE-2024-1741

lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by...

CVE-2024-1741

lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by...

CVE-2024-1741 Improper Authorization in lunary-ai/lunary

lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by...

CVE-2024-1741 Improper Authorization in lunary-ai/lunary

lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by...

CVE-2024-1741

CVE-2024-1741 affects lunary-ai/lunary v1.0.1, with an improper authorization flaw enabling removed members to read, create, modify, and delete prompt templates by reusing an old authorization token. The issue allows operations on prompt templates despite removal from an organization, via HTTP re...

PT-2024-18266 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.0.1 Description: The issue allows removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform...

UBUNTU-CVE-2023-5198

An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys...