SUSE CVE-2026-25963

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet's certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

Fleet: Authorization Bypass in certificate template batch deletion for team administrators

Summary A broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Impact Fleet supports certificate templates that are scoped to individual teams. In affected...

PT-2023-31903 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue arises from Mattermost's failure to properly validate permissions when a team member attempts to soft delete a team, allowing them to delete teams they are not part of...

Slack: Deleting Teams implemenation

When deleting a team, it needed a proper authentication. It does not re authenticate the user if he is the legit owner who is trying to delete the team. In a case where, we leave our account for a few minutes and somebody walks by then quickly delete our team. Clifford...