Lucene search
K

1606 matches found

CVE
CVE
added yesterday7 views

CVE-2026-9820

Mattermost versions 11.7.x <= 11.7.2 and 10.11.x

3.8CVSS6.1AI score
Exploits0References1Affected Software1
Nuclei
Nuclei
added yesterday6 views

Gogs < 0.14.3 - Unauthenticated Organization Teams Disclosure

Gogs before version 0.14.3 contains an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint returns all teams for any organization without requiring authentication. The route group lacks the reqToken middleware, exposing team IDs, names, descriptions,...

6.9CVSS6.1AI score0.01553EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 8:51 p.m.2 views

GHSA-4J6X-2764-M8GH Rancher has over-inclusive team membership expansion in GitHub App authentication provider

Impact A vulnerability has been identified within Rancher Manager in the GitHub App authentication provider. When evaluating permissions, the provider incorrectly expands user team memberships to include all teams within the associated GitHub organization, rather than restricting access to the...

8.8CVSS5.7AI score0.0037EPSS
Exploits0References7
Veeam
Veeam
added 2026/06/29 12:0 a.m.14 views

Release Information for Veeam Backup for Microsoft 365 8.5

Requirements This release can be used to: upgrade an existing v8, v8.1, v8.2, v8.3, or v8.4 deployment of Veeam Backup for Microsoft 365 to v8.5. install a new deployment of Veeam Backup for Microsoft 365 v8.5. After installing this release, the Veeam Backup for Microsoft 365 build number will be...

5.7AI score
Exploits0Affected Software1
NVD
NVD
added 2026/06/25 8:17 p.m.8 views

CVE-2026-57522

Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens, which substitutes user-controlled values into event-integration templates without JSON encoding. When an organization has configured an event integration whose template referenc...

5CVSS0.00262EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/25 7:9 p.m.4 views

EUVD-2026-39543

Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens, which substitutes user-controlled values into event-integration templates without JSON encoding. When an organization has configured an event integration whose template referenc...

3.5CVSS6AI score0.00262EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52576

Name of the Vulnerable Software and Affected Versions Bitwarden Server versions prior to 2026.5.0 Description An issue exists in the IntegrationTemplateProcessor.ReplaceTokens function where user-controlled values are substituted into event-integration templates without proper JSON encoding. An...

5CVSS5.9AI score0.00262EPSS
Exploits1References9
NVD
NVD
added 2026/06/24 9:16 p.m.9 views

CVE-2026-52815

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/orgteam.go:8 returns all teams for any organization without requiring authentication. The route...

6.9CVSS0.01553EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:1 p.m.6 views

CVE-2026-52815

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/orgteam.go:8 returns all teams for any organization without requiring authentication. The route...

6.9CVSS5.9AI score0.01553EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/24 8:1 p.m.27 views

CVE-2026-52815 Gogs: Unauthenticated Organization Teams Information Disclosure via API

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/orgteam.go:8 returns all teams for any organization without requiring authentication. The route...

6.9CVSS0.01553EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 8:1 p.m.11 views

CVE-2026-52815

Summary (CVE-2026-52815, Gogs) Gogs before 0.14.3 exposes unauthenticated access to org teams via GET /api/v1/orgs/:orgname/teams. The route group lacks reqToken() and ListTeams() does not perform authentication, allowing retrieval of all teams’ IDs, names, descriptions, and permission levels for...

6.9CVSS5.9AI score0.01553EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:41 p.m.24 views

CVE-2026-46548

NocoDB (CVE-2026-46548 ) exhibits an SSRF protection bypass in the notification webhook plugins for Slack, Discord, Mattermost, and Teams. Root cause: in the affected code paths, the httpAgent/httpsAgent were incorrectly placed in the request body of axios.post instead of the config argument, all...

4.3CVSS6AI score0.00176EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 5:13 p.m.3 views

GHSA-744X-3838-5R56 Gogs Vulnerable to Unauthenticated Organization Teams Information Disclosure via API

Summary Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/orgteam.go:8 returns all teams for any organization without requiring authentication. The route group at internal/route/api/v1/api.go:380-385 lacks the...

6.9CVSS5.8AI score0.01553EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/23 5:13 p.m.12 views

Gogs Vulnerable to Unauthenticated Organization Teams Information Disclosure via API

Summary Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/orgteam.go:8 returns all teams for any organization without requiring authentication. The route group at internal/route/api/v1/api.go:380-385 lacks the...

6.9CVSS5.8AI score0.01553EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/23 3:32 p.m.16 views

CVE-2026-54303

Summary of CVE-2026-54303 (n8n): An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or CSP headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL. Affected component: n8n trigger no...

6.8CVSS5.9AI score0.00177EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 3:32 p.m.53 views

CVE-2026-54303 n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints

n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user...

6.8CVSS0.00177EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51633

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Gogs contains an information disclosure issue where the 'GET /api/v1/orgs/:orgname/teams' endpoint returns all teams for any organization without requiring authentication. This occurs because the route...

6.9CVSS5.9AI score0.01553EPSS
Exploits0References11
The Hacker News
The Hacker News
added 2026/06/18 1:30 p.m.9 views

DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic

Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan RAT called Backdoor.Turn to conceal command-and-control C2 traffic inside Microsoft Teams relay infrastructure. According to findings from Broadcom-owned Symantec and Carbon...

5.5CVSS6.7AI score0.00275EPSS
Exploits2
OSV
OSV
added 2026/06/18 8:21 a.m.3 views

OPENSUSE-SU-2026:21136-1 Security update for golang-github-prometheus-alertmanager

This update for golang-github-prometheus-alertmanager fixes the following issues: Changes in golang-github-prometheus-alertmanager: - Update to version 0.28.1 jscPED-13285: Improved performance of inhibition rules when using Equal labels. Improve the documentation on escaping in UTF-8 matchers...

7.5CVSS7AI score0.91969EPSS
Exploits3References6
Patchstack
Patchstack
added 2026/06/16 10:39 p.m.5 views

NPM: n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints

NPM: n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints vulnerability discovered by ? in WordPress Npm n8n versions 2.24.0...

6.8CVSS5.8AI score0.00177EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder