Lucene search
K

23 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.7 views

PocketBase 授权问题漏洞

PocketBase is an open-source real-time backend developed by PocketBase. Versions of PocketBase prior to 0.22.42 and 0.37.4 contained authorization-related vulnerabilities. These vulnerabilities occurred because, under certain circumstances, attackers could create and link unverified PocketBase...

7.6CVSS5.8AI score0.00247EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2025/11/09 12:24 a.m.4 views

SUSE CVE-2025-41410

Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...

5.4CVSS7AI score0.00285EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.7 views

Mattermost Server 10.5.x < 10.5.11 / 10.10.x < 10.10.3 / 10.11.x 10.11.3 / 10.12.0 Missing Authorization (MMSA-2025-00525)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00525 advisory. - Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows...

5.4CVSS5.8AI score0.00285EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/17 8:40 a.m.12 views

CVE-2025-41410

Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...

5.4CVSS7AI score0.00285EPSS
Exploits0References1
Snyk
Snyk
added 2025/10/16 9:30 a.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the Slack import functionality. An attacker can create verified user accounts with arbitrary email domains by submitting malicious import data to bypass email-based team access restrictions. Remediation Upgrade...

5.4CVSS7.1AI score0.00285EPSS
Exploits0References2
OSV
OSV
added 2025/10/16 9:30 a.m.3 views

GHSA-3Q4Q-WQM6-HVF3 Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...

5.4CVSS7AI score0.00285EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/16 9:30 a.m.6 views

EUVD-2025-34742

Mattermost has a Missing Authorization vulnerability...

5.4CVSS6.5AI score0.00285EPSS
Exploits0References5
NVD
NVD
added 2025/10/16 9:15 a.m.8 views

CVE-2025-41410

Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...

5.4CVSS0.00285EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/16 8:39 a.m.8 views

CVE-2025-41410 Slack import bypasses email verification for team access controls

Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...

5.4CVSS0.00285EPSS
Exploits0References1
CVE
CVE
added 2025/10/16 8:39 a.m.15 views

CVE-2025-41410

Mattermost CVE-2025-41410 affects server versions 10.10.x &lt;= 10.10.2, 10.5.x &lt;= 10.5.10, and 10.11.x

5.4CVSS6.5AI score0.00285EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/16 8:39 a.m.4 views

CVE-2025-41410 Slack import bypasses email verification for team access controls

Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...

5.4CVSS6.5AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:22 p.m.10 views

CVE-2020-15245

In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that th...

4.3CVSS6.5AI score0.0062EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2023/09/06 2:0 a.m.11 views

X wants your biometric data

Users of X formerly Twitter paying for a checkmark under what used to be called Twitter Blue now X Premium have some biometric related decisions to make. The BBC reports that Elon Musk, having dismantled the old checkmark system to replace it with the all new Premium, is reintroducing identity...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/30 2:0 p.m.22 views

British Airways customers targeted in lost luggage Twitter scam

Getting back into the travel habit? Jumping on a plane soon? Experienced a bit of a luggage disaster and looking for help on social media? Watch out, because a lack of prior research could prove very costly. Word has spread of a bogus Twitter account pretending to be a customer support channel of...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2021/09/24 11:53 a.m.493 views

Reddit: Email Verification Bypass And Get access to user's private invitation.

Part 2 of my previous report : https://hackerone.com/reports/1225499 I am sending this report again because you closed my previous report. i posed new impact of this vulnerability in my previous report but i didn't get any reply. So i reported it again. First Vulnerability : Email verification...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/02/03 7:22 p.m.66 views

Would real identities make social media safer?

“Use real identities to reduce abuse online” is a talking point youve almost certainly seen down the years. It also seems to come around like clockwork every other month, and is currently a hot topic in the UK after prominent journalists / media personalities raised the issue. It’s an interesting...

6.8AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2020/07/16 8:58 p.m.51 views

Twitter Hacked in Bitcoin Scam

It started with one weird tweet. Then another. Quickly, some of the most prominent accounts on Twitter were all sending out the same message; I am giving back to the community. All Bitcoin sent to the address below will be sent back double! If you send $1,000, I will send back $2,000. Only doing...

0.1AI score
Exploits0
HackRead
HackRead
added 2020/07/16 5:16 p.m.28 views

Crypto scam: Twitter’s internal tool was used in hijacking verified accounts

By Waqas Twitter has acknowledged that hackers used its internal tool. This is a post from HackRead.com Read the original post: Crypto scam: Twitter's internal tool was used in hijacking verified accounts...

3.4AI score
Exploits0
The Hacker News
The Hacker News
added 2020/07/16 4:54 a.m.47 views

Several High-Profile Accounts Hacked in the Biggest Twitter Hack of All Time

Social media platform Twitter, earlier today on Wednesday, was on fire after it suffered one of the biggest cyberattacks in its history. A number of high-profile Twitter accounts, including those of US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple...

1AI score
Exploits0
ThreatPost
ThreatPost
added 2020/07/15 11:22 p.m.91 views

Twitter Confirms it was Hacked in an Unprecedented Cryptocurrency Scam

Twitter locked down thousands of verified accounts belonging to elite Twitter users and high-profile companies Wednesday afternoon in an effort to prevent hackers from perpetrating a massive cryptocurrency scam. The accounts fell victim to a compromise of the company’s internal systems by a group...

7.5AI score
Exploits0References8
Rows per page
Query Builder