Lucene search
+L

6 matches found

Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-53444 Wekan: Missing authorization on OIDC Meteor methods allows privilege escalation to admin

Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan OIDC-related Meteor methods in packages/wekan-oidc/oidcserver.js, server/models/org.js, and server/models/team.js are globally callable without the admin authorization checks used by their non-OIDC counterparts. Authenticated use...

7.6CVSS0.00238EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.12 views

Mattermost doesn't check if {{team_id}} was being changed when updating playbooks

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00143EPSS
Exploits0References4Affected Software2
Vulnrichment
Vulnrichment
added 2026/05/18 8:7 a.m.9 views

CVE-2026-4286 Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook update

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

3.1CVSS5.8AI score0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 8:7 a.m.13 views

EUVD-2026-30750

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00143EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series as well as 10.11.13 and earlier 10.11.x series have security vulnerabilities. These vulnerabilities stem from the lack of checks during...

4.3CVSS5.8AI score0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.20 views

PT-2026-41653

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Description An issue exists where the system fails to verify if the team id is modified during playbook updates. This allows users possessing only the Manag...

4.3CVSS5.8AI score0.00143EPSS
Exploits0References10
Rows per page
Query Builder