CVE-2026-25963

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

GO-2026-4561 Fleet: Authorization Bypass in certificate template batch deletion for team administrators in github.com/fleetdm/fleet

Fleet: Authorization Bypass in certificate template batch deletion for team administrators in github.com/fleetdm/fleet...

Fleet: Authorization Bypass in certificate template batch deletion for team administrators

Summary A broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Impact Fleet supports certificate templates that are scoped to individual teams. In affected...

GHSA-5JVP-M9H4-253H Fleet: Authorization Bypass in certificate template batch deletion for team administrators

Summary A broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Impact Fleet supports certificate templates that are scoped to individual teams. In affected...

CVE-2026-25963 Fleet: Authorization Bypass in certificate template batch deletion for team administrators

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

CVE-2026-25963

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

Fleet 安全漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.80.1 contained security...

EUVD-2025-16395

Malicious code in bioql PyPI...

GO-2025-3724 Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server

Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server...

Mattermost improperly allows team administrators to modify team invites

Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the 'invite user' permission to access and modify team invite IDs via the...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost version 9.11.8 and earlier, which stems from failing to prompt for explicit approval before adding team administrators to a private channel, allowing team...

Mattermost Server 安全漏洞

Mattermost Server is an open source messaging platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost Server versions prior to 9.5.2, prior to 9.4.4, prior to 9.3.3, and prior to 8.1.11, which stems from a lack of proper access control in /api/v4/, where...