23 matches found
EUVD-2025-206979
Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...
EUVD-2024-2149
Malicious code in bioql PyPI...
EUVD-2024-22950
Malicious code in bioql PyPI...
CVE-2022-1967
The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it coul...
CVE-2024-25632
eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The...
litellm vulnerable to improper access control in team management
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...
GHSA-QQCV-VG9F-5RR3 litellm vulnerable to improper access control in team management
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...
CVE-2024-5710
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...
CVE-2024-5714 Improper Access Control in lunary-ai/lunary
In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...
CVE-2024-5710 Improper Access Control in Team Management in berriai/litellm
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...
CVE-2024-5710
CVE-2024-5710 affects berriai/litellm version 1.34.34. The issue is an improper access control in the Team Management feature, caused by insufficient access control checks across various endpoints. This enables unauthorized actors to perform actions such as creating, updating, viewing, deleting, ...
PT-2024-37087 · Unknown · Berriai/Litellm
Name of the Vulnerable Software and Affected Versions: berriai/litellm version 1.34.34 Description: The issue is related to improper access control in the team management functionality, allowing attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and...
Team Members < 5.3.2 - Author+ Stored XSS
Description The plugin does not validate and escape some of its Team options attributes before outputting them back in a page/post where the related shortcode is embedded, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks. 1. Create/edit a team and...
CVE-2022-36801
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8...
Cross-Site Request Forgery (CSRF) in star7th/showdoc
Description You set the strict flag only for one of your cookies, named cookietoken, but in Team management an attacker can still delete or add teams via a CSRF vulnerability, as the cookie named PHPSESSID doesn't have the strict flag. Proof of Concept 1. Replace 38046 with the team id 2. Open poc.html and...
Five Tips to Impress at Your CISO Job Interview
Chief Information Security Officers (CISOs) are in demand, and the lack of experienced candidates, coupled with the evolving required skill set, helped make it the highest paying tech job in 2020. With 100% of large corporations (Fortune 500, Global 2000) forecast to have a CISO or equivalent position...
Grow, Develop, and Impact More Than Just Your Career: Software Engineering at Rapid7 Belfast
Growth and learning – in any career at any level – are imperative for job satisfaction and company commitment. While it is necessary to have inherent curiosity as well as a desire to grow and achieve, it is also important to work for an organization that encourages and enables this curiosity and...
Managing Team Burn Out
According to the World Health Organization: “Burn-out is a syndrome conceptualized as resulting from chronic workplace stress that has not been successfully managed. It is characterized by three dimensions: feelings of energy depletion or exhaustion; increased mental distance from one’s job, or...
Free Download: The Ultimate Security Pros’ Checklist
You are a cybersecurity professional with the responsibility to keep your organization secured; you know your job chapter and verse, from high-level reporting duties to the bits and bytes of what malware targeted your endpoints a week ago. But it’s a lot to hold in one’s mind, so to make your lif...