5 matches found
SUSE CVE-2025-14573
Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...
EUVD-2025-16395
Malicious code in bioql PyPI...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the POST /api/v4/teams/:teamId/restore endpoint. An attacker can access sensitive team invite information by sending crafted requests to this endpoint without proper privileges. Remediati...
GO-2025-3724 Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server
Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to improper validation of team invite permissions. An attacker can bypass access restrictions by exploiting the API to add unauthorized guest users to a team. Note: This is only exploitable if the attacker is...