CVE-2025-36375 IBM DataPower Gateway vulnerable to CSRF

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...

CVE-2025-53971

Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint...

CVE-2025-53971

Mattermost Server vulnerability CVE-2025-53971 affects versions 10.5.x ≤ 10.5.8 and 9.11.x ≤ 9.11.17. The issue arises from improper authorization validation for team scheme role modifications, allowing Team Admins to demote Team Members to Guests via PUT /api/v4/teams/{team-id}/members/{user-id}...

PT-2025-34197 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.8 Mattermost versions 9.11.x through 9.11.17 Description: Mattermost fails to properly validate authorization for team scheme role modifications. This allows Team Admins to demote Team Members to Guests...

IBM webMethods Integration 安全漏洞

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. A security vulnerability exists in IBM webMethods Integration versions 10.5, 10.7, 10.11, and 10.15, which stems from improper permissions when dealing with external entities, which could result in...