Lucene search
+L

15142 matches found

GithubExploit
GithubExploit
added 2026/06/14 4:27 p.m.85 views

lab-purple-team

Lab Purple Team - Active Directory !screenshots/wazuhsecu...

5.4AI score
Exploits0
Cvelist
Cvelist
added 2026/06/12 6:11 p.m.30 views

CVE-2026-47236 Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission

Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...

4.3CVSS0.00183EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:11 p.m.11 views

CVE-2026-47236 Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission

Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...

4.3CVSS5.2AI score0.00183EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:11 p.m.18 views

CVE-2026-47236

CVE-2026-47236 affects the Solidtime open‑source time-tracking app prior to version 0.12.2. The root cause is insufficient access control in the Jetstream-backed team page: invitations:view and members:view permissions gate the official APIs, but the Jetstream page authorizes access with only bel...

4.3CVSS5.3AI score0.00183EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 6:11 p.m.4 views

CVE-2026-47236 Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission

Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...

4.3CVSS5.9AI score0.00183EPSS
Exploits0References4
NVD
NVD
added 2026/06/12 5:16 p.m.16 views

CVE-2026-3433

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to restrict roleupdated websocket event broadcasts to members of the affected team or channel which allows an authenticated attacker with guest-level access to observe permission scheme change...

4.3CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 3:54 p.m.32 views

CVE-2026-7387 Mattermost group syncable endpoints allow privilege escalation via scheme_admin

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the schemeadmin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...

8.8CVSS0.00298EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 3:51 p.m.12 views

EUVD-2026-36501

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation the check was only applied on update/patch, which allows an authenticated user holding...

4.3CVSS5.3AI score0.00152EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 3:51 p.m.12 views

CVE-2026-6689 *Missing* {{invite_user}} *permission check on team creation allows unprivileged users to set open-invite and allowed-domains team settings*

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation the check was only applied on update/patch, which allows an authenticated user holding...

4.3CVSS5.3AI score0.00152EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 3:51 p.m.25 views

CVE-2026-6689

Mattermost vulnerable versions: 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x

4.3CVSS5.3AI score0.00152EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/12 3:51 p.m.31 views

CVE-2026-6689 *Missing* {{invite_user}} *permission check on team creation allows unprivileged users to set open-invite and allowed-domains team settings*

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation the check was only applied on update/patch, which allows an authenticated user holding...

4.3CVSS0.00152EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 3:51 p.m.3 views

CVE-2026-6689 *Missing* {{invite_user}} *permission check on team creation allows unprivileged users to set open-invite and allowed-domains team settings*

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation the check was only applied on update/patch, which allows an authenticated user holding...

4.3CVSS6AI score0.00152EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 3:46 p.m.14 views

CVE-2026-3433 Mattermost fails to scope role_updated websocket events to authorized team and channel members

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to restrict roleupdated websocket event broadcasts to members of the affected team or channel which allows an authenticated attacker with guest-level access to observe permission scheme change...

4.3CVSS5.3AI score0.0018EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/12 3:52 a.m.84 views

linux-privesc-linpeas

🐧 linux-privesc-linpeas End-to-end Linux privilege escalati...

7.8CVSS7.5AI score0.83524EPSS
Exploits103
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48937

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.6.0 through 11.6.1 Mattermost versions 11.5.0 through 11.5.4 Mattermost versions 10.11.0 through 10.11.16 Description An issue exists where the system fails to enforce the PermissionInviteUser check when setting...

4.3CVSS5.9AI score0.00152EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.28 views

PT-2026-48954

Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...

4.3CVSS5.3AI score0.00183EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48874

Name of the Vulnerable Software and Affected Versions n8n-mcp versions prior to 2.56.1 Description An authorization flaw exists in multi-tenant HTTP mode when ENABLE MULTI TENANT is set to true. This allows authenticated tenants to read and delete workflow version backups belonging to other...

6.1AI score0.00389EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/06/10 7:49 a.m.106 views

The-Full-Attack-Chain

⚔️ The Full Attack Chain — Capstone Red Team Engagement Int...

10CVSS7.9AI score0.96184EPSS
Exploits36
GithubExploit
GithubExploit
added 2026/06/07 5:19 p.m.115 views

HackTheBox

HackTheBox — Writeups, Tooling & Exploitation Pipelines A wor...

10CVSS7.6AI score0.99562EPSS
Exploits396
GithubExploit
GithubExploit
added 2026/06/07 3:50 p.m.83 views

kaido-waf

⚔️ Kaido WAF Web Application Firewall do Kaido Red Team...

6AI score
Exploits0
Rows per page
Query Builder