Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-cw7q-5cgc-h3h9: Mattermost fail to prompt for explicit approval before adding a team admin to a private channel

Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them.

ghsa
Open in Source
#vulnerability#auth
GHSA-h5v9-xw2g-7hrq: Mattermost allows members with permission to convert public channels to private and convert private to public

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to to enforce channel conversion restrictions, which allows members with permission to convert public channels to private ones to also convert private ones to public.

GHSA-rp74-x43m-cpw3: Mattermost Fails to Restrict Bookmark Creation and Updates in Archived Channels

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users created or update bookmarked in archived channels

GHSA-72qv-j8vr-xvfv: Mattermost Fails to Enforce MFA on Plugin Endpoints

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes.

GHSA-4v65-xqcj-wpgg: Mattermost Fails to Restrict Command Execution in Archived Channels

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels.

CVE-2025-2476: Chromium: CVE-2025-2476 Use after free in Lens

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 134.0.3124.83 3/21/2025 134.0.6998.117/.118

CVE-2025-29806: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable CVE-2024-8904, 129.0.6668.58/.59 9/19/2024

CVE-2025-29795: Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.

Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility

Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in question are listed below -  CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an

Where Is Computer Vision Essential Today? Insights from Alltegrio’s CEO

Today, we are discussing Computer Vision applications, one of the most impactful AI-powered technologies that is reshaping our…