API - API Security Blog

CVE-2024-7096

creation_timestamp| type| source ---|---|--- 2025-05-30 15:11:33+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114597422241464112 2025-05-30 15:31:22+00:00| seen|...Read More ...

May 30, 2025

CVE-2025-3611

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated us ...

May 30, 2025

CVE-2025-0602

creation_timestamp| type| source ---|---|--- 2025-05-30 14:29:28+00:00| seen|...Read More ...

May 30, 2025

CVE-2025-4990

creation_timestamp| type| source ---|---|--- 2025-05-30 14:29:50+00:00| seen|...Read More ...

May 30, 2025

CVE-2025-1792 Improper Access Control in Mattermost Channel Member API

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing a ...

May 30, 2025

CVE-2025-4433

creation_timestamp| type| source ---|---|--- 2025-05-30 12:37:16+00:00| seen|...Read More ...

May 30, 2025

CVE-2025-1792

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing a ...

May 30, 2025

Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

Summary A security vulnerability has been identified in go-gh where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing H ...

May 30, 2025