
10 matches found

RedhatCVE
added 2026/02/14 1:6 p.m. | 2 views

CVE-2026-20796

Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint. Mattermost Advisory ID: MMSA-2025-00549...

3.1 CVSS | 5.5 AI score | 0.00011 EPSS
Exploits 0 | References 1

OSV
added 2026/02/13 11:16 a.m. | 1 views

CVE-2026-20796

Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint. Mattermost Advisory ID: MMSA-2025-00549...

3.1 CVSS | 5.5 AI score
Exploits 0 | References 1

Cvelist
added 2026/02/13 10:30 a.m. | 22 views

CVE-2026-20796 Time-of-check time-of-use vulnerability in common teams API

Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint. Mattermost Advisory ID: MMSA-2025-00549...

3.1 CVSS | 0.00011 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 10:42 a.m. | 4 views

CVE-2022-26655

Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams...

7.5 CVSS | 7 AI score | 0.00449 EPSS
Exploits 0 | References 1

CNNVD
added 2025/12/14 12:0 a.m. | 1 views

DecoCMS access control error vulnerability

DecoCMS is an open-source content management system from deco CMS. An access control error vulnerability exists in DecoCMS 1.0.0-alpha.31 and earlier versions, which stems from incorrect manipulation of the parameter domain in the file packages/sdk/src/mcp/teams/api.ts, which could lead to imprope...

6.3 CVSS | 5.5 AI score | 0.00053 EPSS
Exploits 0 | References 8

SUSE CVE
added 2025/07/04 2:42 p.m. | 1 views

SUSE CVE-2025-4128

Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...

4.3 CVSS | 6.7 AI score | 0.00128 EPSS
Exploits 0 | References 2

OSV
added 2025/06/17 8:30 a.m. | 1 views

MAL-2025-5003 Malicious code in odyssee_teams_api (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9634a76d594664463c45445417dd33af9980310ff86b362704e5b0b50daed079 Any computer that has this package installed or running should be considered...

7 AI score
Exploits 0 | References 1

Github Security Blog
added 2024/05/14 10:17 p.m. | 33 views

Grafana API IDOR

Today we are releasing Grafana 8.3.5 and 7.5.14. This patch release includes MEDIUM severity security fix for Grafana Teams API IDOR. Release v.8.3.5, only containing security fixes: - Download Grafana 8.3.5 - Release notes Release v.7.5.15, only containing security fixes: - Download Grafana 7.5....

4.3 CVSS | 6.2 AI score | 0.00185 EPSS
Exploits 0 | References 9 | Affected Software 1

RedHat Linux
added 2022/11/08 9:34 a.m. | 2 views

grafana: IDOR vulnerability can lead to information disclosure

An Insecure Direct Object Reference (IDOR) vulnerability was found on Grafana Teams APIs. This flaw impacts the /teams/:teamId, /teams/:search, /teams/:teamId/members API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for tea...

4.3 CVSS | 7.3 AI score | 0.00185 EPSS
Exploits 0 | References 6

FreeBSD
added 2022/01/18 12:0 a.m. | 31 views

Grafana -- Teams API IDOR

Grafana Labs reports: On Jan. 18, an external security researcher, Kürşad ALSAN from NSPECT.IO (@nspectio on Twitter), contacted Grafana to disclose an IDOR (Insecure Direct Object Reference) vulnerability on Grafana Teams APIs. This vulnerability only impacts the following API endpoints:...

4.3 CVSS | 1.9 AI score | 0.00185 EPSS
Exploits 0 | References 1