19 matches found
EUVD-2025-10699
Malicious code in bioql PyPI...
Mattermost Improper Access Control Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an Improper Access Control vulnerability that stems from improper access control and can be exploited by an attacker to retrieve user activity logs...
SUSE CVE-2025-24866
Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to insufficient enforcement of access restrictions on the /api/v4/audits endpoint, allowing users with delegated granular administration roles to access User Activity Logs without Compliance...
CVE-2025-24866
Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access controls, despite not having the required permissions for Compliance Monitoring. Remediation...
Incorrect Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access control...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access controls, despite not having the required permissions for Compliance Monitoring. Remediation...
GHSA-XFQ9-HH5X-XFQ9 Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint
Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint
Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
CVE-2025-24866
Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
CVE-2025-24866
Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
CVE-2025-24866 Unauthorized Access to User Activity Logs API by delegated granular administration roles
Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
CVE-2025-24866 Unauthorized Access to User Activity Logs API by delegated granular administration roles
Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
CVE-2025-24866
CVE-2025-24866 affects Mattermost server (Mattermost 9.11.x, including 9.11.8 and earlier) where the access control on the /api/v4/audits endpoint is improper. The vulnerability allows users with delegated granular administration roles who do not have access to Compliance Monitoring to retrieve U...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an Improper Access Control vulnerability that stems from improper access control and can be exploited by an attacker to retrieve user activity logs...
PT-2025-15996 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.8 Description: The issue is related to improper access controls on the "/api/v4/audits" endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to...
Adult Content Site Exposed Personal Data of 1M Users
The personal information more than a million users of popular adult website Luscious, including email addresses that sometimes indicated full names, were found exposed in an unsecured Elasticsearch database. The website, which focuses on anime-themed, user-uploaded adult content, has over 1 milli...
Simple Machine Forum 1-0-5 (possibly prior versions) user IP address / information disclosure
Simple Machine Forum 1-0-5 possibly prior versions user IP address / information disclosure Aug 31 2005 10:37AM retrogod aliceposta it Simple Machine Forum 1-0-5 possibly prior versions user IP address / information disclosure software: site: http://www.simplemachines.org/ information disclosure:...