23 matches found
PocketBase 授权问题漏洞
PocketBase is an open-source real-time backend developed by PocketBase. Versions of PocketBase prior to 0.22.42 and 0.37.4 contained authorization-related vulnerabilities. These vulnerabilities occurred because, under certain circumstances, attackers could create and link unverified PocketBase...
SUSE CVE-2025-41410
Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
Mattermost Server 10.5.x < 10.5.11 / 10.10.x < 10.10.3 / 10.11.x 10.11.3 / 10.12.0 Missing Authorization (MMSA-2025-00525)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00525 advisory. - Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows...
CVE-2025-41410
Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the Slack import functionality. An attacker can create verified user accounts with arbitrary email domains by submitting malicious import data to bypass email-based team access restrictions. Remediation Upgrade...
GHSA-3Q4Q-WQM6-HVF3 Mattermost has a Missing Authorization vulnerability
Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
EUVD-2025-34742
Mattermost has a Missing Authorization vulnerability...
CVE-2025-41410
Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
CVE-2025-41410 Slack import bypasses email verification for team access controls
Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
CVE-2025-41410
Mattermost CVE-2025-41410 affects server versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, and 10.11.x
CVE-2025-41410 Slack import bypasses email verification for team access controls
Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
CVE-2020-15245
In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that th...
X wants your biometric data
Users of X formerly Twitter paying for a checkmark under what used to be called Twitter Blue now X Premium have some biometric related decisions to make. The BBC reports that Elon Musk, having dismantled the old checkmark system to replace it with the all new Premium, is reintroducing identity...
British Airways customers targeted in lost luggage Twitter scam
Getting back into the travel habit? Jumping on a plane soon? Experienced a bit of a luggage disaster and looking for help on social media? Watch out, because a lack of prior research could prove very costly. Word has spread of a bogus Twitter account pretending to be a customer support channel of...
Reddit: Email Verification Bypass And Get access to user's private invitation.
Part 2 of my previous report : https://hackerone.com/reports/1225499 I am sending this report again because you closed my previous report. i posed new impact of this vulnerability in my previous report but i didn't get any reply. So i reported it again. First Vulnerability : Email verification...
Would real identities make social media safer?
“Use real identities to reduce abuse online” is a talking point youve almost certainly seen down the years. It also seems to come around like clockwork every other month, and is currently a hot topic in the UK after prominent journalists / media personalities raised the issue. It’s an interesting...
Twitter Hacked in Bitcoin Scam
It started with one weird tweet. Then another. Quickly, some of the most prominent accounts on Twitter were all sending out the same message; I am giving back to the community. All Bitcoin sent to the address below will be sent back double! If you send $1,000, I will send back $2,000. Only doing...
Crypto scam: Twitter’s internal tool was used in hijacking verified accounts
By Waqas Twitter has acknowledged that hackers used its internal tool. This is a post from HackRead.com Read the original post: Crypto scam: Twitter's internal tool was used in hijacking verified accounts...
Several High-Profile Accounts Hacked in the Biggest Twitter Hack of All Time
Social media platform Twitter, earlier today on Wednesday, was on fire after it suffered one of the biggest cyberattacks in its history. A number of high-profile Twitter accounts, including those of US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple...
Twitter Confirms it was Hacked in an Unprecedented Cryptocurrency Scam
Twitter locked down thousands of verified accounts belonging to elite Twitter users and high-profile companies Wednesday afternoon in an effort to prevent hackers from perpetrating a massive cryptocurrency scam. The accounts fell victim to a compromise of the company’s internal systems by a group...