Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Mattermost Server 10.11.x < 10.11.14 / 11.5.x < 11.5.2 Vulnerability (MMSA-2025-00552)

The version of Mattermost Server installed on the remote host is affected by a vulnerability: - Mattermost fails to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members...

4.3CVSS5.9AI score0.00143EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-4286

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

4.3CVSS5.4AI score0.00143EPSS
Exploits0References1
CVE
CVE
added 2026/05/18 8:7 a.m.33 views

CVE-2026-4286

Mattermost Playbooks plugin vulnerability CVE-2026-4286 affects Mattermost versions 11.5.x &lt;= 11.5.1 and 10.11.x

4.3CVSS5.8AI score0.00143EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/18 8:7 a.m.8 views

CVE-2026-4286

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00143EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/18 8:7 a.m.4 views

CVE-2026-4286 Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook update

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

3.1CVSS6AI score0.00143EPSS
Exploits0References3
CVE
CVE
added 2025/01/02 4:7 p.m.64 views

CVE-2024-11716

CVE-2024-11716 (CTFd) : A logic flaw in CTFd allows an authenticated user to reset their bracket after registration and join another team while a competition is ongoing. Affected releases: 3.7.0—3.7.4. The issue was addressed in 3.7.5 via pull request 2636. Practical impact: potentially enables b...

5.3CVSS6.8AI score0.11659EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/12/31 12:0 a.m.6 views

PT-2024-17206 · Ctfd · Ctfd

Name of the Vulnerable Software and Affected Versions: CTFd versions 3.7.0 through 3.7.4 Description: A flaw in logic implementation in CTFd allows an authenticated user to reset their team assignment and join another team while a competition is ongoing. This issue impacts releases from 3.7.0 up ...

5.3CVSS6.5AI score0.11659EPSS
Exploits0References9
Rows per page
Query Builder