Vulmon
a-member vulnerabilities and exploits
4.3
CVSSv3
CVE-2023-47858
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint.
Mattermost Mattermost Server
4.3
CVSSv3
CVE-2023-45223
Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled.
Mattermost Mattermost
4.3
CVSSv3
CVE-2023-47865
Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a pos...
Mattermost Mattermost
4.3
CVSSv3
CVE-2023-5160
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint, allowing a member to get the full name of another user even if the Show Full Name option was disabled.
Mattermost Mattermost
4.3
CVSSv3
CVE-2023-4532
An issue has been discovered in GitLab affecting all versions starting from 16.2 prior to 16.2.8, all versions starting from 16.3 prior to 16.3.5, all versions starting from 16.4 prior to 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a me...
Gitlab Gitlab
Gitlab Gitlab 16.4.0
4.3
CVSSv3
CVE-2023-2786
Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands.
Mattermost Mattermost
Mattermost Mattermost 7.10.0
4.3
CVSSv3
CVE-2023-28357
A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a us...
Rocket.chat Rocket.chat
4.3
CVSSv3
CVE-2022-45164
An issue exists in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking created by someone else, even if this basic user is not a member of the booking.
Archibus Archibus Web Central 2022.03.01.107
4.3
CVSSv3
CVE-2021-20440
IBM API Connect 10.0.0.0, and 2018.4.1.0 up to and including 2018.4.1.13 does not restrict member registration to the intended recipient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member ...
Ibm Api Connect 10.0.0.0
Ibm Api Connect
3.5
CVSSv3
CVE-2023-3511
An issue has been discovered in GitLab EE affecting all versions starting from 8.17 prior to 16.4.4, all versions starting from 16.5 prior to 16.5.4, all versions starting from 16.6 prior to 16.6.2. It was possible for auditor users to fork and submit merge requests to private pr...
Gitlab Gitlab