Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php
Summary: The contacts_data.php endpoint uses a weaker permission check (isAdministratorUsers, requiring only roledituser=true) than the frontend UI contacts.php, which correctly requires the stronger isAdministrator (requiring roladministrator=true) and the contactsshowall system setting. A user manager...
EUVD-2023-2588
Malicious code in bioql PyPI...
CVE-2023-5159
Mattermost fails to properly verify the permissions when managing/updating a bot, allowing a User Manager role with user edit permissions to manage/update bots...
CVE-2023-5159 A User Manager role with user edit permissions could manage/update bots
Mattermost fails to properly verify the permissions when managing/updating a bot, allowing a User Manager role with user edit permissions to manage/update bots...