CVE-2026-4286

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

CVE-2026-4286

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

CVE-2026-4286

Mattermost Playbooks plugin vulnerability CVE-2026-4286 affects Mattermost versions 11.5.x <= 11.5.1 and 10.11.x

CVE-2024-11716

CVE-2024-11716 (CTFd) : A logic flaw in CTFd allows an authenticated user to reset their bracket after registration and join another team while a competition is ongoing. Affected releases: 3.7.0—3.7.4. The issue was addressed in 3.7.5 via pull request 2636. Practical impact: potentially enables b...

PT-2024-17206 · Ctfd · Ctfd

Name of the Vulnerable Software and Affected Versions: CTFd versions 3.7.0 through 3.7.4 Description: A flaw in logic implementation in CTFd allows an authenticated user to reset their team assignment and join another team while a competition is ongoing. This issue impacts releases from 3.7.0 up ...